[EFF] Section 230 Is Not A Special “Tech Company” Immunity
2019-05-01T15:20:36Z
David Greene
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Members of Congress are fond of wrongly calling Section 230 (47 U.S.C. § 230) a “big tech company” immunity, implying that it doesn’t protect anyone else. And they are not alone in this mistake. We frequently hear the same mischaracterization from friends in academia and legacy news media. </p>
<p>The characterization is wrong because Section 230’s protections have been enjoyed and employed by a wide variety of Internet users. The law’s protections are in no way limited to “tech companies,” of any size.</p>
<p>Section 230, <a href="https://www.law.cornell.edu/uscode/text/47/230">by its language</a>, provides immunity to any “provider or user of an interactive computer service” when that “provider or user” republishes content created by someone or something else, protecting both decisions to moderate it and those to transmit it without moderation. “User,” in particular, has been interpreted broadly to apply <a href="https://caselaw.findlaw.com/ca-supreme-court/1282926.html">“simply to anyone using an interactive computer service.”</a> This includes anyone who maintains a website, posts to message boards or <a href="https://www.eff.org/cases/barrett-v-rosenthal">newsgroups</a>, or <a href="https://blog.ericgoldman.org/archives/2010/11/forwarding_defa_1.htm">anyone</a> <a href="https://blog.ericgoldman.org/archives/2010/02/forwarding_defa.htm">who</a> <a href="https://blog.ericgoldman.org/archives/2017/03/judge-balks-at-section-230-protection-for-email-forwarding-samsel-v-desoto-county-school-district.htm">forwards</a> <a href="https://www.eff.org/issues/cda230/cases/batzel-v-smith">email</a>. A user can be an individual, a nonprofit organization, a <a href="https://blog.ericgoldman.org/archives/2019/04/section-230-applies-to-ada-closed-captioning-claims-national-federation-of-the-deaf-v-harvard.htm">university</a>, a small brick-and-mortar business, or, yes, a “tech company.” </p>
<p>The "news media entity-social media platform" dynamic is a helpful example here. Legacy news media companies often complain that Section 230 gives online social media platforms extra legal protections and thus an unfair advantage. But Section 230 makes no distinction between news entities and social media platforms. Instead, the only distinction the law creates is between online and offline publication, a recognition of the inherent differences in scale between the two modes of publication. And plenty, if not the vast majority, of news media entities publish online—either solely or in tandem with their print editions. When a news media entity publishes online, it gets the exact same Section 230 immunity from liability based on publishing someone else’s content that a social media platform gets.</p>
<p>So, for example, news media entities have Section 230 immunity from any liability that arises from comments that readers post to articles, wire service stories, or advertisements. And <a href="http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1101&context=historical">they</a> <a href="https://blog.ericgoldman.org/archives/2012/03/another_newspap.htm">have</a> <a href="https://blog.ericgoldman.org/archives/2010/08/video_publisher_1.htm">been</a> <a href="https://blog.ericgoldman.org/archives/2010/04/230_protects_ne.htm">highly</a> successful when they do raise Section 230 as a defense. As Prof. Eric Goldman <a href="https://blog.ericgoldman.org/archives/2011/05/47_usc_230_and_1.htm">has</a> <a href="https://blog.ericgoldman.org/archives/2012/07/yet_another_cas.htm">catalogued</a>, “One of the safest bets in Section 230 jurisprudence is that a traditional media publisher won’t be liable for user comments to its website.” Conversely, a big tech company is not protected by Section 230 when it publishes someone else’s content in print. So, for example, Airbnb can’t use Section 230 to shield it from liability based on user reviews or letters to the editor that it might publish in <a href="https://www.airbnb.com/magazine">its new print magazine</a>. </p>
<p>EFF’s own work on Section 230 reflects the wide variety of Internet users who are protected from liability by the law. In our <a href="https://www.eff.org/cases/woodhull-freedom-foundation-et-al-v-united-states">current challenge to FOSTA</a>, our clients are the Internet Archive, nonprofit human rights organizations and individuals who maintain websites, and an individual who wishes to advertise on Craigslist. We previously represented the Internet Archive in <a href="https://www.eff.org/cases/internet-archive-v-hoffman">two</a> <a href="https://www.eff.org/cases/internetarchive-v-mckenna">other</a> cases challenging restrictions to Section 230’s protections. </p>
<p>Of course, the ultimate beneficiaries of Section 230 are <a href="https://www.eff.org/issues/cda230/infographic">all of us</a> who want online intermediaries to exist so that we can post things online without having to code it ourselves, and so that we can read and watch content that others create. Intermediaries, be they social media platforms, news sites, or email forwarders, aren’t protected by Section 230 for their own sake. They’re protected so that they can be available to all of us who rely on them. </p>
<p>To be sure, “tech companies” that provide a platform for the speech of others rely on Section 230 immunity to a great extent. But it’s a mistake to say that they are the only or even the majority of those who do so, or that only or mostly they assert it as a defense to liability in court.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/woodhull-freedom-foundation-et-al-v-united-states">Woodhull Freedom Foundation et al. v. United States</a></div></div></div>
[EFF] We Got U.S. Border Officials to Testify Under Oath. Here’s What We Found Out
2019-05-01T00:20:24Z
Adam Schwartz
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><div class="panel-pane pane-aclu-components-description description">
<p><em>This is a guest post by <a href="https://www.aclu.org/bio/hugh-handeyside">Hugh Handeyside</a>, Senior Staff Attorney, ACLU National Security Project, <a href="https://www.aclu.org/bio/nathan-freed-wessler">Nathan Freed Wessler</a>, Staff Attorney, ACLU Speech, Privacy, and Technology Project, and <a href="https://www.aclu.org/bio/esha-bhandari">Esha Bhandari</a>, Staff Attorney, ACLU Speech, Privacy, and Technology Project. It was <a href="https://www.aclu.org/blog/privacy-technology/privacy-borders-and-checkpoints/we-got-us-border-officials-testify-under">originally posted</a> on the ACLU Speak Freely blog. </em></p>
<p>In September 2017, we, along with the Electronic Frontier Foundation, <a href="https://www.aclu.org/cases/alasaad-v-nielsen-challenge-warrantless-phone-and-laptop-searches-us-border?redirect=cases/alasaad-v-duke-challenge-warrantless-phone-and-laptop-searches-us-border">sued</a> the federal government for its warrantless and suspicionless searches of phones and laptops at airports and other U.S. ports of entry.<br /><br />The government immediately tried to dismiss our case, arguing that the First and Fourth Amendments do not protect against such searches. But the court <a href="https://www.aclu.org/news/court-rejects-government-bid-dismiss-aclu-eff-suit-challenging-warrantless-phone-searches-us">ruled</a> that our clients — 10 U.S. citizens and one lawful permanent resident whose phones and laptops were searched while returning to the United States — could move forward with their claims. <br /><br />Since then, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement have had to turn over documents and evidence about why and how they conduct warrantless and suspicionless searches of electronic devices at the border. And their officials have had to sit down with us to explain — under oath — their policies and practices governing such warrantless searches.<br /><br />What we learned is alarming, and we’re now back in court with this new evidence <a href="https://www.aclu.org/legal-document/alasaad-v-mcaleenan-memorandum-support-motion-summary-judgment">asking the judge</a> to skip trial altogether and rule for our clients.<br /><br />The <a href="https://www.aclu.org/legal-document/alasaad-v-mcaleenan-motion-summary-judgment-statement-undisputed-material-facts">information</a> we uncovered through our lawsuit shows that CBP and ICE are asserting near-unfettered authority to search and seize travelers’ devices at the border, for purposes far afield from the enforcement of immigration and customs laws. The agencies’ policies allow officers to search devices for general law enforcement purposes, such as investigating and enforcing bankruptcy, environmental, and consumer protection laws. The agencies also say that they can search and seize devices for the purpose of compiling “risk assessments” or to advance pre-existing investigations. The policies even allow officers to consider requests from other government agencies to search specific travelers’ devices.<br /><br />CBP and ICE also say they can search a traveler’s electronic devices to find information about someone else. That means they can search a U.S. citizen’s devices to probe whether that person’s family or friends may be undocumented; the devices of a journalist or scholar with foreign sources who may be of interest to the U.S. government; or the devices of a traveler who is the business partner or colleague of someone under investigation.<br /><br />Both agencies allow officers to retain information from travelers’ electronic devices and share it with other government entities, including state, local, and foreign law enforcement agencies.<a href="https://action.aclu.org/petition/say-no-trumps-border-wall?ms_aff=NAT&initms_aff=NAT&ms=190410_immigrantrights_nationalsecurity_nationalemergency_&initms=190410_immigrantrights_nationalsecurity_nationalemergency_&ms_chan=web&initms_chan=web"><span class="arrow"><br /><br /></span></a>Let’s get one thing clear: The government cannot use the pretext of the “border” to make an end run around the Constitution.<br /><br />The border is not a lawless place. CBP and ICE are not exempt from the Constitution. And the information on our phones and laptops is no less deserving of constitutional protections than, say, international mail or our homes.<br /><br />Warrantless and suspicionless searches of our electronic devices at the border violate the Fourth Amendment, which protects us against unreasonable searches and seizures – including at the border. Border officers do have authority to search our belongings for contraband or illegal items, but mobile electronic devices are unlike any other item officers encounter at the border. For instance, they contain far more personal and revealing information than could be gleaned from a thorough search of a person’s home, which requires a warrant.<br /><br />These searches also violate the First Amendment. People will self-censor and avoid expressing dissent if they know that returning to the United States means that border officers can read and retain what they say privately, or see what topics they searched online. Similarly, journalists will avoid reporting on issues that the U.S. government may have an interest in, or that may place them in contact with sensitive sources.<br /><br />Our clients’ experiences demonstrate the intrusiveness of device searches at the border and the emotional toll they exact. For instance, <a href="https://www.aclu.org/bio/zainab-merchant">Zainab Merchant</a> and <a href="https://www.aclu.org/bio/ghassan-and-nadia-alasaad">Nadia Alasaad</a> both wear headscarves in public for religious reasons, and their smartphones contained photos of themselves without headscarves that they did not want border officers to see. Officers searched the phones nonetheless. On another occasion, a border officer searched Ms. Merchant’s phone even though she repeatedly told the officer that it contained attorney-client privileged communications. After repeated searches of his electronic devices, <a href="https://www.aclu.org/bio/ismail-kushkush">Isma’il Kushkush</a>, a journalist, felt worried that he was being targeted because of his reporting, and he questioned whether to continue covering issues overseas.<br /><br />Crossing the U.S. border shouldn’t mean facing the prospect of turning over years of emails, photos, location data, medical and financial information, browsing history, or other personal information on our mobile devices. That’s why we’re asking a federal court to rule that border agencies must do what any other law enforcement agency would have to do in order to search electronic devices: get a warrant.</p>
</div>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/alasaad-v-duke">Alasaad v. Nielsen</a></div></div></div>
[EFF] New Documents Reveal DHS Asserting Broad, Unconstitutional Authority to Search Travelers’ Phones and Laptops
2019-04-30T18:40:32Z
Karen Gullo
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">EFF, ACLU Move for Summary Judgement to Block Warrantless Searches of Electronic Devices at Airports, U.S. Ports of Entry</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><div class="page" title="Page 1">
<div class="layoutArea">
<div class="column">
<p><span>BOSTON </span><span>— The Electronic Frontier Foundation (EFF) and the ACLU </span><span>today asked a federal court to rule without trial that the Department of </span><span>Homeland Security violates the First and Fourth Amendments by searching travelers’ </span><span>smartphones and laptops at airports and other U.S. ports of entry without a warrant.<br /><br />The <a href="https://www.eff.org/document/alasaad-motion-summary-judgment">request for summary judgment</a> comes after the groups obtained documents and deposition testimony revealing that U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement authorize border officials to search </span><span>travelers’ </span><span>phones and laptops for general law enforcement purposes, and consider requests from other government agencies when deciding whether to conduct such warrantless searches.<br /><br />“The evidence we have presented the court shows that the scope of ICE and CBP border searches is unconstitutionally broad,” said EFF Senior Staff Attorney Adam Schwartz. “ICE and CBP policies and practices allow unfettered, warrantless searches of travelers’ digital devices, and empower officers to dodge the Fourth Amendment when rifling through highly personal information contained on laptops and phones.”<br /><br /></span><span>The previously undisclosed government information was obtained as part of a lawsuit, </span><span><a href="https://www.eff.org/cases/alasaad-v-duke"><span>Alasaad v. McAleenan</span></a></span><span>, EFF, ACLU, and ACLU of Massachusetts filed in September 2017 on behalf of 11 travelers—</span><span></span><span>10 U.S. citizens and one lawful permanent resident—</span><span></span><span>whose smartphones and laptops were searched without warrants at U.S. ports of entry.<br /><br />“This new evidence reveals that government agencies are using the pretext of the border to make an end run around the First and Fourth Amendments,” said Esha Bhandari, staff attorney with the ACLU’s Speech, Privacy, and Technology Project. “The border is not a lawless place, ICE and CBP are not exempt from the Constitution, and the information on our electronic devices is not devoid of Fourth Amendment protections. We’re asking the court to stop these unlawful searches and require the government to get a warrant.”<br /></span><span><br />The government documents and testimony, portions of which were publicly filed in court today, reveal CBP and ICE are asserting broad and unconstitutional authority to search and seize </span><span>travelers’ devices</span><span>. The evidence includes ICE and CBP policies and practices that authorize border officers to conduct warrantless and suspicionless device searches for purposes </span><span>beyond </span><span>the enforcement of immigration and customs laws</span><span>. Officials can search devices for general law enforcement purposes, such as enforcing bankruptcy, environmental, and consumer protection laws, and for intelligence gathering or to advance pre-existing investigations. Officers also consider requests from other government agencies to search devices. In addition, the agencies assert the authority to search electronic devices when the subject of interest is someone other than the traveler—</span><span></span><span>such as when the traveler is a journalist or scholar with foreign sources who are of interest to the U.S. government, or even when the traveler is the business partner of someone under investigation. Both agencies further allow officers to retain information from </span><span>travelers’ electronic devices </span><span>and share it with other government entities, including state, local, and foreign law enforcement agencies.<br /><br />The plaintiffs are asking the court to rule that the government must have a warrant based on probable cause before conducting searches of electronic devices, which contain highly detailed </span><span>personal information about people’s lives. The </span><span>plaintiffs, which include a limousine driver, a military veteran, journalists, students, an artist, a NASA engineer, and a business owner, are also requesting the court to hold that the government must have probable cause to confiscate a </span><span>traveler’s device. </span></p>
</div>
</div>
</div>
<div class="page" title="Page 2">
<div class="layoutArea">
<div class="column">
<p><span>The district court previously </span><span><a href="https://www.eff.org/deeplinks/2018/05/victory-alasaad-our-digital-privacy-border">rejected</a> </span><span>the government’s motion to dismiss the lawsuit. </span></p>
<p><span>The </span><span><a href="https://www.cbp.gov/newsroom/national-media-release/cbp-releases-statistics-electronic-device-searches-0">number</a> </span><span>of electronic device searches at the border has increased dramatically in the last few years. Last year, CBP </span><span><a href="https://www.cbp.gov/newsroom/national-media-release/cbp-releases-updated-border-search-electronic-device-directive-and">conducted</a> </span><span>more than 33,000 border device searches, almost four times the number from just three years prior. CBP and ICE policies allow border officers to manually search </span><span>anyone’s smartphone </span><span>with no suspicion at all, and to conduct a forensic search with reasonable suspicion of wrongdoing. CBP also allows suspicionless device searches for a </span><span>“national security concern.” </span></p>
<p><span>Below is a full list of the plaintiffs. Their individual stories can be found </span><a href="https://www.eff.org/pages/alasaad-vs-duke-bios">here</a><span>: </span></p>
<ul><li>
<p><span>Ghassan and Nadia Alasaad </span><span>are a married couple who live in Massachusetts, where he is a limousine driver and she is a nursing student. </span></p>
</li>
<li>
<p><span>Suhaib Allababidi</span><span>, who lives in Texas, owns and operates a business that sells security technology, including to federal government clients. </span></p>
</li>
<li>
<p><span>Sidd Bikkannavar </span><span>is an engineer for NASA’s Jet Propulsion Laboratory in California. </span></p>
</li>
<li>
<p><span>Jeremy Dupin </span><span>is a journalist living in Massachusetts. </span></p>
</li>
<li>
<p><span>Aaron Gach </span><span>is an artist living in California. </span></p>
</li>
<li>
<p><span>Isma’il Kushkush </span><span>is a journalist living in Virginia. </span></p>
</li>
<li>
<p><span>Diane Maye </span><span>is a college professor and former captain in the U. S. Air Force living in Florida. </span></p>
</li>
<li>
<p><span>Zainab Merchant </span><span>is a writer and a graduate student at Harvard. </span></p>
</li>
<li>
<p><span>Akram Shibly </span><span>is a filmmaker from New York. </span></p>
</li>
<li>
<p><span>Matthew Wright </span><span>is a computer programmer in Colorado. </span></p>
<p><span>For the motion for summary </span><span>judgment and statement of material facts:<br /><a href="https://www.eff.org/document/alasaad-motion-summary-judgment">https://www.eff.org/document/alasaad-motion-summary-judgment</a><br /><a href="https://www.eff.org/document/alasaad-msj-statement-material-facts">https://www.eff.org/document/alasaad-msj-statement-material-facts</a><br /><br />For more information about this case:<br /><a href="https://www.eff.org/cases/alasaad-v-duke">https://www.eff.org/cases/alasaad-v-duke</a> </span></p>
<p><span></span></p></li>
</ul></div>
</div>
</div>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact: </div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Adam</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Schwartz</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Senior Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:adam@eff.org">adam@eff.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Abdullah</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Hasan</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">ACLU</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:ahasan@aclu.org">ahasan@aclu.org</a></div></div></div> </div>
</div>
</div><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Kate </div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">LaGreca</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">ACLU of Massachusetts</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:klagreca@aclum.org">klagreca@aclum.org</a></div></div></div> </div>
</div>
</div></div></div>
[EFF] Media Alert: Court Hearing Wednesday on Law Enforcement Retention of DNA Profiles from Innocent Californians
2019-04-29T18:58:35Z
Rebecca Jeschke
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Social Justice Organizations Challenging Policy that Infringes the Privacy of Hundreds of Thousands of People</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco – At 9:30 am on Wednesday, May 1, the Electronic Frontier Foundation (EFF) and the Law Office of Michael T. Risher will argue against the government’s motion to dismiss a lawsuit challenging law enforcement retention of DNA profiles of hundreds of thousands of innocent Californians.</p>
<p>EFF and Risher represent two social justice organizations—the Center for Genetics and Society and the Equal Justice Society—and an individual plaintiff, Pete Shanks. They filed the suit against the state of California to challenge its retention of genetic profiles from people arrested but never convicted of any crime. California has long collected DNA from people convicted of serious felony offenses, but ten years ago the state mandated DNA collection for every single felony arrestee.</p>
<p>Once these samples are collected, the DNA is analyzed and uploaded to the nationwide Combined DNA Index System, or “CODIS,” which is shared with law enforcement across the U.S. The DNA profiles remain in the state and national database indefinitely – even those from people who were later determined to be innocent. Innocent people whose DNA profiles remain in the databases have been mistakenly arrested, charged, or even imprisoned based on crime-lab and other errors that found a supposed CODIS match between their profile and DNA found at a crime scene.</p>
<p>More than a third of all those arrested in California in 2017 on suspicion of felony offenses were released and never charged, had their charges dismissed, or were acquitted. Retaining their profiles amounts to an invasion of privacy that violates the state’s constitution.</p>
<p>The State of California has moved to dismiss this case against its retention policies. At Wednesday’s hearing, Michael T. Risher will argue that retention of DNA from innocent people violates the California Constitution’s privacy protections, which are meant to block overbroad collection and unlawful searches of personal data. The California right to privacy requires the government to expunge DNA samples and profiles taken from arrestees who were never charged or whose charges have been dismissed.</p>
<p>WHAT:<br /> Hearing in <em>Center for Genetics and Society v. Becerra</em><em></em></p>
<p>WHO:<br /> EFF co-counsel Michael T. Risher</p>
<p>WHEN:<br /> Wednesday, May 1<br />9:30 am</p>
<p>WHERE:<br /> San Francisco Superior Court<br />Civic Center Courthouse, Dept. 302<br /> 400 McAllister St<br /> San Francisco, CA 94102</p>
<p>For more on this case:<br /><a href="https://www.eff.org/cases/center-genetics-and-society-v-becerra">https://www.eff.org/cases/center-genetics-and-society-v-becerra</a></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact: </div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile node--promoted view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Rebecca</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Jeschke</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Media Relations Director and Digital Rights Analyst</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:rebecca@eff.org">rebecca@eff.org</a></div></div></div> </div>
</div>
</div></div></div>
[EFF] Content Moderation is Broken. Let Us Count the Ways.
2019-04-29T17:10:56Z
Jillian C. York
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Social media platforms regularly engage in “content moderation”—the depublication, downranking, and sometimes outright censorship of information and/or user accounts from social media and other digital platforms, usually based on an alleged violation of a platform’s “community standards” policy. In recent years, this practice has become a matter of intense public interest. Not coincidentally, thanks to growing pressure from governments and some segments of the public to restrict various types of speech, it has also become more pervasive and aggressive, as companies struggle to self-regulate in the hope of avoiding legal mandates. </span></p>
<p><span>Many of us view content moderation as a given, an integral component of modern social media. But the specific contours of the system were hardly foregone conclusions. In the early days of social media, decisions about what to allow and what not to were often made by small teams or even individuals, and often on the fly. And those decisions continue to shape our social media experience today.</span></p>
<p><span>Roz Bowden—who spoke about her experience at UCLA’s </span><a href="https://atm-ucla2017.net/about/"><span>All Things in Moderation</span></a><span> conference in 2017—ran the graveyard shift at MySpace from 2005 to 2008, training content moderators and devising rules as they went along. Last year, Bowden </span><a href="https://www.bbc.co.uk/news/technology-45664643"><span>told the BBC</span></a><span>:</span></p>
<blockquote><p>We had to come up with the rules. Watching porn and asking whether wearing a tiny spaghetti-strap bikini was nudity? Asking how much sex is too much sex for MySpace? Making up the rules as we went along. Should we allow someone to cut someone's head off in a video? No, but what if it is a cartoon? Is it OK for Tom and Jerry to do it?</p>
</blockquote>
<p><span>Similarly, in the early days of Google, then-deputy general counsel Nicole Wong was internally known as “</span><a href="https://www.nytimes.com/2008/11/30/magazine/30google-t.html"><span>The Decider</span></a><span>” as a result of the tough calls she and her team had to make about controversial speech and other expression. In a </span><a href="https://www.nytimes.com/2008/11/30/magazine/30google-t.html"><span>2008 New York </span><i><span>Times </span></i><span>profile</span></a><span> of Wong and Google’s policy team, Jeffrey Rosen wrote that as a result of Google’s market share and moderation model, “Wong and her colleagues arguably have more influence over the contours of online expression than anyone else on the planet.”</span></p>
<p><span>Built piecemeal over the years by a number of different actors passing through </span><a href="https://www.nationalreview.com/corner/eric-holder-silicon-valley-new-revolving-door/"><span>Silicon Valley’s revolving doors</span></a><span>, content moderation was never meant to operate at the scale of billions of users. The engineers who designed the platforms we use on a daily basis failed to imagine that one day they would be used by activists to </span><a href="https://illumemagazine.com/articleDetail.php?Social-Media-s-Role-in-Tunisia-s-Uprising-13444"><span>spread word of an uprising</span></a><span>...or by state actors to </span><a href="https://www.nytimes.com/2018/10/15/technology/myanmar-facebook-genocide.html"><span>call for genocide</span></a><span>. And as pressure from lawmakers and the public to restrict various types of speech—from </span><a href="https://www.eff.org/deeplinks/2019/02/eus-proposal-curb-dissemination-terrorist-content-will-have-chilling-effect-speech"><span>terrorism</span></a><span> to </span><a href="https://www.eff.org/deeplinks/2018/09/fake-news-and-elections-brazil-several-initiatives-no-easy-answer"><span>fake news</span></a><span>—grows, companies are desperately looking for ways to moderate content at scale.</span></p>
<p>They won’t succeed—at least if they care about protecting online expression even half as much as they care about their bottom line.</p>
<h3><b>The Content Moderation System Is Fundamentally Broken. Let Us Count the Ways:</b></h3>
<h4><b>1. Content Moderation Is a Dangerous Job—But We Can’t Look to Robots to Do It Instead</b></h4>
<p><span>As a practice, content moderation relies on people in far-flung (and almost always economically less well-off) locales to cleanse our online spaces of the worst that humanity has to offer so that we don’t have to see it. Most major platforms outsourcing the work to companies abroad, where some workers are reportedly paid </span><a href="https://www.reuters.com/article/us-facebook-content-india-feature/some-facebook-content-reviewers-in-india-complain-of-low-pay-high-pressure-idUSKCN1QH15I"><span>as little as $6 a day</span></a><span> and others report </span><a href="https://www.theverge.com/2019/2/25/18229714/cognizant-facebook-content-moderator-interviews-trauma-working-conditions-arizona"><span>traumatic working conditions</span></a><span>. Over the past few years, researchers such as EFF Pioneer Award winner Sarah T. Roberts have </span><a href="https://www.macleans.ca/opinion/meet-the-people-who-scar-themselves-to-clean-up-our-social-media-networks/"><span>exposed</span></a><span> just how harmful a job it can be to workers.</span></p>
<p>Companies have also tried replacing human moderators with AI, thereby solving at least one problem (the psychological impact that comes from viewing gory images all day), but potentially replacing it with another: an even more secretive process in which false positives may never see the light of day.</p>
<h4><b>2. Content Moderation Is Inconsistent and Confusing</b></h4>
<p><span>For starters, let’s talk about resources. Companies like Facebook and YouTube expend significant resources on content moderation, employing thousands of workers and utilizing sophisticated automation tools to flag or remove undesirable content. But one thing is abundantly clear: The resources allocated to content moderation aren’t distributed evenly. Policing copyright is a top priority, and because </span><a href="https://venturebeat.com/2018/04/25/zuckerberg-its-easier-to-detect-a-nipple-than-hate-speech-with-ai/"><span>automation can detect nipples better than it can recognize hate speech</span></a><span>, users often complain that more attention is given to policing women’s bodies than to speech that might actually be harmful.</span></p>
<p><span>But the system of moderation is also </span><i><span>inherently </span></i><span>inconsistent. Because it relies largely on </span><a href="https://opennet.net/policing-content-quasi-public-sphere"><span>community policing</span></a><span>—that is, on people reporting other people for real or perceived violations of community standards—some users are bound to be more heavily impacted than others. A person with a public profile and a lot of followers is mathematically more likely to be reported than a less popular user. And when a public figure </span><i><span>is</span></i><span> removed by one company, it can create a domino effect whereby </span><a href="https://www.buzzfeednews.com/article/johnpaczkowski/apple-is-removing-alex-jones-and-infowars-podcasts-from"><span>other companies follow their lead</span></a><span>.</span></p>
<p><span>Problematically, companies’ community standards also often feature exceptions for public figures: That’s why the president of the United States can </span><a href="https://www.washingtonpost.com/nation/2019/01/18/would-calling-murder-get-trump-banned-twitter-ceo-jack-dorsey-wont-say/?utm_term=.a9ab1cf1272e"><span>tweet hateful things with impunity</span></a><span>, but an ordinary user can’t. While there’s some sense to such policies—people should know what their politicians are saying—certain speech obviously carries more weight when spoken by someone in a position of authority.</span></p>
<p><span>Finally, when public pressure forces companies to react quickly to new “threats,” they tend to </span><i><span>over</span></i><span>react. For example, after </span><a href="https://www.vox.com/culture/2018/4/13/17172762/fosta-sesta-backpage-230-internet-freedom"><span>the passing of FOSTA</span></a><span>—a law purportedly designed to stop sex trafficking but which, as a result of sweepingly broad language, has resulted in confusion and overbroad censorship by companies—Facebook implemented a </span><a href="https://www.eff.org/deeplinks/2018/12/facebooks-sexual-solicitation-policy-honeypot-trolls"><span>policy on sexual solicitation</span></a><span> that was essentially a honeypot for trolls. In responding to ongoing violence in Myanmar, the company created </span><a href="https://motherboard.vice.com/en_us/article/j5ny5d/facebook-training-manuals-documents-fell-fake-news"><span>an internal manual that contained elements of misinformation</span></a><span>. And it’s clear that some actors have greater ability to influence companies than others: A call from Congress or the European Parliament carries a lot more weight in Silicon Valley than one that originates from a country in Africa or Asia. By reacting to the media, governments, or other powerful actors, companies reinforce the power that such groups already have.</span></p>
<h4><b>3. Content Moderation Decisions Can Cause Real-World Harms to Users as Well as Workers</b></h4>
<p><span>Companies’ attempts to moderate what they deem undesirable content has all too often had a </span><a href="https://onlinecensorship.org/content/infographics"><span>disproportionate effect on already-marginalized groups</span></a><span>. Take, for example, the attempt by companies to eradicate homophobic and transphobic speech. While that sounds like a worthy goal, these policies have resulted in LGBTQ users being censored for </span><a href="https://www.theverge.com/2017/6/13/15794296/twitter-suspended-meakoopa-anthony-oliveira-controversy"><span>engaging in counterspeech</span></a><span> or for </span><span><a href="https://www.wired.com/story/facebooks-hate-speech-policies-censor-marginalized-users/">using reclaimed terms like “dyke”.</a> </span></p>
<p><span>Similarly, Facebook’s efforts to remove hate speech have impacted individuals who have tried to use the platform to </span><a href="https://www.usatoday.com/story/tech/2017/08/03/facebook-ijeoma-oluo-hate-speech/537682001/"><span>call out racism</span></a><span> by sharing the content of hateful messages they’ve received. As an article in the Washington </span><i><span>Post</span></i> <a href="https://www.washingtonpost.com/business/economy/for-facebook-erasing-hate-speech-proves-a-daunting-challenge/2017/07/31/922d9bc6-6e3b-11e7-9c15-177740635e83_story.html?utm_term=.cca658c450a4"><span>explained</span></a><span>, “Compounding their pain, Facebook will often go from censoring posts to locking users out of their accounts for 24 hours or more, without explanation — a punishment known among activists as ‘Facebook jail.’”</span></p>
<p><span>Content moderation can also pose harms to business. Small and large businesses alike increasingly rely on social media advertising, but strict content rules disproportionately impact certain types of businesses. Facebook bans ads that it deems “</span><span>overly suggestive or sexually provocative”, a practice that has had a chilling effect on </span><a href="https://venturebeat.com/2018/04/05/facebooks-ad-policies-are-hurting-womens-health-startups/"><span>women’s health startups</span></a><span>, </span><a href="https://kernelmag.dailydot.com/issue-sections/features-issue-sections/12796/facebook-nudity-breasts-advertising/"><span>bra companies</span></a><span>, a </span><a href="https://www.recode.net/2017/11/16/16658534/sarah-lacy-uterus-feature-not-bug-book-feminism-sheryl-sandberg-lean-in-recode-media-peter-kafka"><span>book</span></a><span> whose title contains the word “uterus”, and even </span><a href="https://www.theatlantic.com/health/archive/2015/03/when-social-media-censors-sex-education/385576/"><span>the National Campaign to Prevent Teen and Unwanted Pregnancy</span></a><span>.</span></p>
<h4><b>4. Appeals Are Broken, and Transparency Is Minimal</b></h4>
<p>For many years, users who wished to appeal a moderation decision had no feasible path for doing so...unless of course they had access to someone at a company. As a result, public figures and others with access to digital rights groups or the media were able to get their content reinstated, while others were left in the dark.</p>
<p><span>In recent years, some companies have made great strides in improving due process: Facebook, for example, </span><a href="https://www.npr.org/2018/04/24/605107093/facebook-updates-community-standards-expands-appeals-process"><span>expanded its appeals process</span></a><span> last year. Still, users of various platforms complain that appeals lack result or go unanswered, and the introduction of more </span><a href="https://www.eff.org/deeplinks/2018/10/blunt-policies-and-secretive-enforcement-mechanisms-lgbtq-and-sexual-health"><span>subtle enforcement mechanisms</span></a><span> by some companies has meant that some moderation decisions are without a means of appeal.</span></p>
<p><span>Last year, we joined several organizations and academics in creating the </span><a href="https://santaclaraprinciples.org/"><span>Santa Clara Principles on Transparency and Accountability in Content Moderation</span></a><span>, a set of minimum standards that companies should implement to ensure that their users have access to due process and receive notification when their content is restricted, and to provide transparency to the public about what expression is being restricted and how.</span></p>
<p>In the current system of content moderation, these are necessary measures that every company must take. But they are just a start. </p>
<h3><b>No More Magical Thinking</b></h3>
<p>We shouldn’t look to Silicon Valley, or anyone else, to be international speech police for practical as much as political reasons. Content moderation is extremely difficult to get right, and at the scale at which some companies are operating, it may be impossible. As with any system of censorship, mistakes are inevitable. As companies increasingly use artificial intelligence to flag or moderate content—another form of harm reduction, as it protects workers—we’re inevitably going to see more errors. And although the ability to appeal is an important measure of harm reduction, it’s not an adequate remedy.</p>
<p>Advocates, companies, policymakers, and users have a choice: try to prop up and reinforce a broken system—or remake it. If we choose the latter, which we should, here are some preliminary recommendations:</p>
<ul><li><i><span>Censorship must be rare and well-justified, particularly by tech giants. </span></i><span>At a minimum, that means (1) Before banning a category of speech, policymakers and companies must explain what makes that category so exceptional, and the rules to define its boundaries must be clear and predictable. Any restrictions on speech should be both necessary and proportionate. Emergency takedowns, such as those that followed the recent attack in New Zealand, must be well-defined and reserved for true emergencies. And (2) when content is flagged as violating community standards, absent exigent circumstances companies must notify the user and give them an opportunity to appeal before the content is taken down. If they choose to appeal, the content should stay up until the question is resolved. But (3) smaller platforms dedicated to serving specific communities may want to take a more aggressive approach. That’s fine, as long as Internet users have a range of meaningful options with which to engage.</span><span></span></li>
<li><i><span>Consistency</span></i><span>. Companies should align their policies with human rights norms. In </span><a href="https://www.eff.org/deeplinks/2018/06/un-report-sets-forth-strong-recommendations-companies-protect-free-expression"><span>a paper published last year</span></a><span>, David Kaye—the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression—recommends that companies adopt policies that allow users to </span><span>“develop opinions, express themselves freely and access information of all kinds in a manner consistent with human rights law.”</span><span> We agree, and we’re joined in that opinion by a growing coalition of civil liberties and human rights organizations.</span></li>
<li><i><span>Tools.</span></i><span> Not everyone will be happy with every type of content, so users should be provided with more individualized tools to have control over what they see. For example, rather than banning consensual adult nudity outright, a platform could allow users to turn on or off the option to see it in their settings. Users could also have the option to share their settings with their community to apply to their own feeds.</span></li>
<li><i><span>Evidence-based policymaking. </span></i><span>Policymakers should tread carefully when operating without facts, and not fall victim to political pressure. For example, while we know that disinformation spreads rapidly on social media, many of the policies created by companies in the wake of pressure appear to have had little effect. Companies should work with researchers and experts to respond more appropriately to issues.</span><span></span></li>
</ul><p><span>Recognizing that something needs to be done is easy. Looking to AI to help do that thing is also easy. Actually doing content moderation well is very, very difficult, and you should be suspicious of any claim to the contrary.</span></p>
</div></div></div>
[EFF] Judge Dodges Legality of NSA Mass Spying, Citing Secrecy Claims
2019-04-26T23:01:34Z
Aaron Mackey
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>EFF's case challenging NSA spying, Jewel v. NSA, has come further than any case trying to end the government's mass surveillance programs. Our clients have survived multiple efforts by the government to end the case, and they continue to push for their day in court. As a result, we're no stranger to overcoming legal obstacles thrown our way.</span></p>
<p><span>The latest obstacle came Thursday, when the court hearing our long-running case challenging NSA spying ruled that the lawsuit <a href="https://www.eff.org/document/jewel-v-nsa-order-granting-governments-summary-judgment-motion">should be dismissed</a> on account of the government's argument that to proceed further would jeopardize national security. Athough we are disappointed that the case was dismissed on the basis of the government’s state secrecy arguments, we <a href="https://www.eff.org/deeplinks/2019/04/government-fights-trap-effs-nsa-spying-case-catch-22">are not surprised.</a> </span></p>
<p><span>T</span>he Justice Department insists that our legal fight against this spying is bound by a<span> </span><a href="https://en.wikipedia.org/wiki/Catch-22_(logic)">Catch-22</a>: no one can sue unless the court first determines that they were certainly touched by the vast surveillance mechanisms of the NSA. But, the government argued successfully, the court cannot decide whether any particular person’s email, web searches, social media or phone calls were touched by the surveillance unless the government admits it. Which, of course, it will not do.</p>
<p><span>We took on this circular argument last month. </span>EFF Special Counsel Richard Wiebe reviewed the <a href="https://www.eff.org/document/public-unredacted-klein-declaration">enormous</a> <a href="https://oig.justice.gov/special/s0907.pdf">amount</a> of <a href="https://www.realclearpolitics.com/Commentary/com-1_20_06_MK.html">direct</a> <a href="https://www.documentcloud.org/documents/727943-exhibit-a.html">and</a> <a href="https://www.eff.org/deeplinks/2018/10/new-witness-and-new-experts-bolster-our-jewel-case-we-fight-governments-latest-0">circumstantial</a> evidence showing our clients’ communications likely swept up by the NSA dragnet surveillance to establish legal “standing.” We noted that it’s not necessary to absolutely establish that our client’s communications were touched by the surveillance to prevent dismissal. Given the mountain of evidence that we have presented and the admitted scope of the program, there is likely no chance that our clients’ communications—like the communications of millions of innocent Americans—weren’t touched by the government's programs.</p>
<p>We also directly addressed the government’s state secret claims, which were first rejected by the Court in 2006 but which the DOJ continues to assert. We got a boost from a recent court<span> </span><a href="http://cdn.ca9.uscourts.gov/datastore/opinions/2019/02/28/12-56867.pdf">ruling</a><span> </span>in the U.S. District Court of Appeals for the Ninth Circuit,<span> </span><em>Fazaga v FBI</em>, which flatly rejected the application of the state secret privilege in electronic surveillance cases. It instead found that Congress required the courts to use a part of the Foreign Intelligence Surveillance Act, 50 U.S.C. 1806(f), to decide whether the alleged spying was lawful. That same law<span> </span><a href="https://www.eff.org/document/plaintiffs-opposition-governments-summary-judgment-motion-and-plaintiffs-motion-proceed">should be used</a><span> </span>in<span> </span><em>Jewel</em>.</p>
<p>The court hearing the case sided with the government. We think the decision is wrong. Moreover, t<span>he American people deserve to know whether mass surveillance is legal and constitutional. </span><span>We look forward to seeking review in the Ninth Circuit.</span></p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/jewel">Jewel v. NSA</a></div></div></div>
[EFF] Alavaro Bedoya Highlights the Critical Connection between Civil Liberties and Civil Rights
2019-04-25T23:14:10Z
Shahid Buttar
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Earlier this month, Georgetown Law Professor Alvaro Bedoya <a href="https://www.youtube.com/embed/SaY4h3BhXMc&feature=youtu.be&t=958&fbclid=IwAR0kGghLaTHKLcFDzp6s2IWIP2RSOIWZU3zXf8LdlJLn1qKVtNHUNlv_t00">delivered</a> the U.S. Senator Dennis Chavez Memorial Lecture in Law & Civil Rights at The University of New Mexico School of Law, titled “<a href="https://docs.google.com/document/d/1Px-Q5MFw54HGpJhY4Q_HQDoKF8qLU79wmPJXsoEpXYI/edit">Privacy and Civil Rights in the Age of Facebook, ICE, and the NSA</a>.” His remarks neatly encapsulated many of the reasons why we at EFF work to challenge state surveillance. Put simply, privacy is a public value that enables freedom of expression. Without it, our democracy stands at risk, as do communities that have long confronted bias and discrimination.</p>
<p>Professor Bedoya’s comments trace the historical arc of the resistance to the McCarthy era in Congress, which he suggests started with the support of free speech shown by Senator Dennis Chavez (D-NM) in the face of McCarthy’s crackdown on freedom of expression. The very first U.S.-born Latino member of the Senate, Chavez argued in defense of dissent and challenged McCarthy at a crucial time when others were unwilling.</p>
<p>Professor Bedoya goes on to examine how surveillance offends not only privacy, but also other important social values, including dissent. He asks: </p>
<blockquote><p>Who hears the word “privacy” and thinks about equality? Who hears the word “surveillance” and thinks about racism or bigotry or intolerance? Not many. Nowadays, the motto is that “everyone is watched.”</p>
<p>But at its heart, privacy is about human dignity: Whether the government feels it can invade your dignity, and whether the government feels it has to protect the most sensitive, most intimate facts of your life.</p>
<p>And invasions of privacy -- the watching and tracking and sharing of data -- those invasions do not affect everyone equally…. Yes, privacy is a civil liberty. I am here to tell you that privacy is also a civil right.</p>
<p>[W]hen we talk about privacy only as a civil liberty, we also ignore the benefits of privacy: Surveillance threatens vulnerable people fighting for equality. Privacy is what protects them and makes it possible.</p>
</blockquote>
<p>Bedoya, in conversation with EFF’s executive director Cindy Cohn, explored many of the same themes in the pages of a <a href="https://www.mcsweeneys.net/">McSweeney’s</a> volume that we helped create called “<a href="https://www.eff.org/the-end-of-trust">The End of Trust</a>.” As part of a wide-ranging conversation about mass surveillance and civil rights, Bedoya noted:</p>
<blockquote><p>I think that "I have nothing to hide" is another way of saying, "I have privilege," or "I'm a relatively powerful person who is from the right side of the tracks, who has political opinions that aren’t considered radical, who has the luxury of being the right gender and sexual orientation." We need to stop talking about privacy as this vague, undefined thing. We need to recognize that it is a shield for the vulnerable. </p>
</blockquote>
<p>Bedoya’s perspective also reflects EFF’s view, which we have explained in several settings that illustrate the intersections between civil liberties and civil rights. </p>
<p>Just a few weeks ago, on the anniversary of several seminal Supreme Court decisions protecting free speech, we wrote about how the <a href="https://www.eff.org/deeplinks/2019/03/inextricable-link-between-modern-free-speech-law-and-civil-rights-movement">historical origins of those cases</a> closely implicated civil rights struggles. Put simply, our modern free speech judicial decisions arose directly from, and ultimately protected and promoted, the civil rights movement. </p>
<p>The connection between free speech and civil rights is not merely historical, however. Just as during the COINTELPRO era, <a href="https://theintercept.com/2019/03/23/black-identity-extremist-fbi-domestic-terrorism/">law enforcement</a> and <a href="https://theintercept.com/2017/06/03/standing-rock-documents-expose-inner-workings-of-surveillance-industrial-complex/">private contractors</a> today use surveillance to intimidate, divide, and “neutralize” domestic social movements. Activists, protestors and others increasingly have to navigate a world where police departments across the U.S. deploy <a href="https://www.eff.org/issues/street-level-surveillance">sophisticated surveillance technology</a>—including tools originally developed for military application—in civilian streets. From <a href="https://www.eff.org/pages/automated-license-plate-readers-alpr">Automated License Plate Reader</a> devices to <a href="https://www.eff.org/pages/cell-site-simulatorsimsi-catchers">tools that spy on cell</a> phone voice and data networks, surveillance technologies are disproportionately used towards communities already at risk of law enforcement abuses.</p>
<p>EFF has taken action to defend free speech where it stands most threatened: at sites where disenfranchised communities are directly confronting state power. We have worked across the U.S. to support <a href="https://www.eff.org/deeplinks/2018/12/cambridge-ma-joins-growing-ranks-cities-requiring-civilian-control-police">local laws</a> requiring civilian oversight of local police surveillance. We also deployed investigators to Standing Rock in 2016 to <a href="https://www.eff.org/deeplinks/2016/12/investigating-law-enforcements-use-technology-surveil-and-disrupt-nodapl-water">attempt to document</a> the presence of surveillance devices. While our efforts to document secret government surveillance there were inconclusive, we remain committed to defending the right to free expression for dissidents.</p>
<p>Beyond the U.S., these issues also emerge far and wide in international contexts. In the Middle East and North Africa, EFF has long <a href="https://www.eff.org/offline">supported</a> bloggers, journalists, and technologists who are taken offline by oppressive governments. Similar issues have emerged in other countries, from <a href="https://www.eff.org/deeplinks/2018/01/proposed-constitutional-amendment-poses-grave-threat-free-expression-philippines">the Philippines</a> to the <a href="https://www.eff.org/deeplinks/2018/09/uk-surveillance-regime-violated-human-rights">United Kingdom</a>.</p>
<p>Bedoya’s speech (and his other efforts including the <a href="https://www.law.georgetown.edu/privacy-technology-center/events/color-of-surveillance-2018/">Color of Surveillance</a> conference) are key pieces of a growing effort to ensure that privacy and protection from surveillance are seen as part of defending civil rights. Challenging surveillance is a critical part of protecting marginalized communities and helping the voiceless regain their voices online.</p>
</div></div></div>
[EFF] Alvaro Bedoya Highlights the Critical Connection between Civil Liberties and Civil Rights
2019-04-25T23:14:10Z
Shahid Buttar
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Earlier this month, Georgetown Law Professor Alvaro Bedoya <a href="https://www.youtube.com/embed/SaY4h3BhXMc&feature=youtu.be&t=958&fbclid=IwAR0kGghLaTHKLcFDzp6s2IWIP2RSOIWZU3zXf8LdlJLn1qKVtNHUNlv_t00">delivered</a> the U.S. Senator Dennis Chavez Memorial Lecture in Law & Civil Rights at The University of New Mexico School of Law, titled “<a href="https://docs.google.com/document/d/1Px-Q5MFw54HGpJhY4Q_HQDoKF8qLU79wmPJXsoEpXYI/edit">Privacy and Civil Rights in the Age of Facebook, ICE, and the NSA</a>.” His remarks neatly encapsulated many of the reasons why we at EFF work to challenge state surveillance. Put simply, privacy is a public value that enables freedom of expression. Without it, our democracy stands at risk, as do communities that have long confronted bias and discrimination.</p>
<p>Professor Bedoya’s comments trace the historical arc of the resistance to the McCarthy era in Congress, which he suggests started with the support of free speech shown by Senator Dennis Chavez (D-NM) in the face of McCarthy’s crackdown on freedom of expression. The very first U.S.-born Latino member of the Senate, Chavez argued in defense of dissent and challenged McCarthy at a crucial time when others were unwilling.</p>
<p>Professor Bedoya goes on to examine how surveillance offends not only privacy, but also other important social values, including dissent. He asks: </p>
<blockquote><p>Who hears the word “privacy” and thinks about equality? Who hears the word “surveillance” and thinks about racism or bigotry or intolerance? Not many. Nowadays, the motto is that “everyone is watched.”</p>
<p>But at its heart, privacy is about human dignity: Whether the government feels it can invade your dignity, and whether the government feels it has to protect the most sensitive, most intimate facts of your life.</p>
<p>And invasions of privacy -- the watching and tracking and sharing of data -- those invasions do not affect everyone equally…. Yes, privacy is a civil liberty. I am here to tell you that privacy is also a civil right.</p>
<p>[W]hen we talk about privacy only as a civil liberty, we also ignore the benefits of privacy: Surveillance threatens vulnerable people fighting for equality. Privacy is what protects them and makes it possible.</p>
</blockquote>
<p>Bedoya, in conversation with EFF’s executive director Cindy Cohn, explored many of the same themes in the pages of a <a href="https://www.mcsweeneys.net/">McSweeney’s</a> volume that we helped create called “<a href="https://www.eff.org/the-end-of-trust">The End of Trust</a>.” As part of a wide-ranging conversation about mass surveillance and civil rights, Bedoya noted:</p>
<blockquote><p>I think that "I have nothing to hide" is another way of saying, "I have privilege," or "I'm a relatively powerful person who is from the right side of the tracks, who has political opinions that aren’t considered radical, who has the luxury of being the right gender and sexual orientation." We need to stop talking about privacy as this vague, undefined thing. We need to recognize that it is a shield for the vulnerable. </p>
</blockquote>
<p>Bedoya’s perspective also reflects EFF’s view, which we have explained in several settings that illustrate the intersections between civil liberties and civil rights. </p>
<p>Just a few weeks ago, on the anniversary of several seminal Supreme Court decisions protecting free speech, we wrote about how the <a href="https://www.eff.org/deeplinks/2019/03/inextricable-link-between-modern-free-speech-law-and-civil-rights-movement">historical origins of those cases</a> closely implicated civil rights struggles. Put simply, our modern free speech judicial decisions arose directly from, and ultimately protected and promoted, the civil rights movement. </p>
<p>The connection between free speech and civil rights is not merely historical, however. Just as during the COINTELPRO era, <a href="https://theintercept.com/2019/03/23/black-identity-extremist-fbi-domestic-terrorism/">law enforcement</a> and <a href="https://theintercept.com/2017/06/03/standing-rock-documents-expose-inner-workings-of-surveillance-industrial-complex/">private contractors</a> today use surveillance to intimidate, divide, and “neutralize” domestic social movements. Activists, protestors and others increasingly have to navigate a world where police departments across the U.S. deploy <a href="https://www.eff.org/issues/street-level-surveillance">sophisticated surveillance technology</a>—including tools originally developed for military application—in civilian streets. From <a href="https://www.eff.org/pages/automated-license-plate-readers-alpr">Automated License Plate Reader</a> devices to <a href="https://www.eff.org/pages/cell-site-simulatorsimsi-catchers">tools that spy on cell</a> phone voice and data networks, surveillance technologies are disproportionately used towards communities already at risk of law enforcement abuses.</p>
<p>EFF has taken action to defend free speech where it stands most threatened: at sites where disenfranchised communities are directly confronting state power. We have worked across the U.S. to support <a href="https://www.eff.org/deeplinks/2018/12/cambridge-ma-joins-growing-ranks-cities-requiring-civilian-control-police">local laws</a> requiring civilian oversight of local police surveillance. We also deployed investigators to Standing Rock in 2016 to <a href="https://www.eff.org/deeplinks/2016/12/investigating-law-enforcements-use-technology-surveil-and-disrupt-nodapl-water">attempt to document</a> the presence of surveillance devices. While our efforts to document secret government surveillance there were inconclusive, we remain committed to defending the right to free expression for dissidents.</p>
<p>Beyond the U.S., these issues also emerge far and wide in international contexts. In the Middle East and North Africa, EFF has long <a href="https://www.eff.org/offline">supported</a> bloggers, journalists, and technologists who are taken offline by oppressive governments. Similar issues have emerged in other countries, from <a href="https://www.eff.org/deeplinks/2018/01/proposed-constitutional-amendment-poses-grave-threat-free-expression-philippines">the Philippines</a> to the <a href="https://www.eff.org/deeplinks/2018/09/uk-surveillance-regime-violated-human-rights">United Kingdom</a>.</p>
<p>Bedoya’s speech (and his other efforts including the <a href="https://www.law.georgetown.edu/privacy-technology-center/events/color-of-surveillance-2018/">Color of Surveillance</a> conference) are key pieces of a growing effort to ensure that privacy and protection from surveillance are seen as part of defending civil rights. Challenging surveillance is a critical part of protecting marginalized communities and helping the voiceless regain their voices online.</p>
</div></div></div>
[EFF] It’s Now Even Easier To Spot the Surveillance With Updates to EFF’s VR App
2019-04-25T20:52:01Z
Jason Kelley
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>To make it easier for everyone to recognize surveillance “in the wild,” EFF is fighting back with Spot the Surveillance, a virtual reality (VR) experience that teaches people how to identify the various spying technologies that police may deploy in communities. And with a major update to the software released today, spotting the surveillance has gotten even easier! </span></p>
<p><span>After demonstrating the app to nearly 500 users in person, many of whom offered feedback and suggestions, today we’re releasing Spot the Surveillance v 1.2. The latest version brings with it several enhancements and fixes based on that feedback and additional accessibility testing (Spot the Surveillance was created with accessibility in mind, so is entirely gaze-based for people with mobility challenges, and audio is also used to assist low-vision users.) This version also includes upgraded code logic and performance thanks to the Mozilla A-frame team.</span></p>
<h3><b>New “Easy Mode” Helps You Spot the Surveillance </b></h3>
<p><span>Police surveillance technology is often hard to find. Automated license plate readers can be subtly attached to the top of police cars, cameras can be intentionally hidden inside of black domes, and biometric scanners can be inside cases within police officer’s tool-belts. We’ve tried to represent this accurately in Spot the Surveillance, to give users a realistic sense of what to look for when they’re out in the world. But to ensure that you can locate all of the devices, we’ve added a new “Easy Mode” that places circular highlights around the devices. </span></p>
<p class="center-image"><img src="/files/2019/04/25/stsgif_3.gif" width="328" height="438" alt="An image of the spot the surveillance entrance screen. The screen contains a "GET STARTED" button and a button below that which says "TURN ON EASY MODE". This gif shows the cursor hovering over "TURN ON EASY MODE" until it is highlighted." title="To turn on EASY MODE, move the cursor over the "Turn on EASY MODE before starting" button until it is highlighted. Then, start as usual by moving the cursor over "Get Started". Once you do so, surveillance devices will be highlighted, to make spotting them simpler." /></p>
<p><span>To turn on EASY MODE, move the cursor over the "Turn on EASY MODE before starting" button until it is highlighted. Then, start as usual by moving the cursor over "Get Started". Once you do so, surveillance devices will be highlighted, to make spotting them simpler.</span></p>
<p><span>Whether you’ve played before and were having trouble locating that particularly troublesome telephone pole-mounted surveillance camera, you want to complete a speedrun, or you’d like to try out the app for the first time, you can now turn on Easy Mode with the flip of a switch. (Just don’t skip the informational dialogs that describe how the surveillance devices work!)</span></p>
<p class="center-image"><span><img src="/files/2019/04/24/spottrashcan.png" width="305" height="358" alt="This is an image from the spot the surveillance application. There is a trash can with two white circles around it." title="With EASY MODE on, the surveillance devices will be highlighted as above. (This is an example of the highlighting—the trash can is not a surveillance device.)" /></span></p>
<p class="center-image"><span>With EASY MODE on, the surveillance devices will be highlighted as above. (This is an example of the highlighting—the trash can is not a surveillance device.)</span></p>
<p class="center-image"><span></span></p>
<h3><b>Spot Surveillance En Espanol With New Spanish Version </b></h3>
<p><span>Police surveillance isn't confined to any specific language, and neither is the fight against it. We’ve now translated all the text and audio in the app into Spanish, with the goal of helping even more users learn to recognize law enforcement surveillance devices in their communities. To enter the Spanish version, </span><a href="http://eff.org/spot-es"><span>just follow this link</span></a><span>.</span></p>
<p><span>Spot the Surveillance currently works best with a virtual reality headset and a browser that is capable of displaying WebVR. A less-immersive version will work on standard computer browsers through a click-and-drag interface and is </span><a href="https://www.eff.org/spot"><span>available here</span></a><span>. For more instructions, visit the Spot the Surveillance page on our Street-Level Surveillance </span><a href="https://www.eff.org/pages/spot-surveillance-vr-experience-keeping-eye-big-brother"><span>site</span></a><span>. If you’re attending this year’s CryptoRave in São Paulo, Brazil, EFF will be there demo’ing this new version of Spot the Surveillance. </span></p>
<p><span>For full release notes, <a href="https://github.com/EFForg/spot_the_surveillance">visit the repository</a>.</span></p>
<p><span>This project was supported during its development through the XRstudio residency program at Mozilla. The project was also made possible with the support of a 2018 Journalism 360 Challenge grant. Journalism 360 is a global network of storytellers accelerating the understanding and production of immersive journalism. Its founding partners are the John S. and James L. Knight Foundation, Google News Initiative, and the Online News Association.</span></p>
</div></div></div>
[EFF] Skip the Surveillance By Opting Out of Face Recognition At Airports
2019-04-25T06:38:56Z
Jason Kelley
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Government agencies and airlines have ignored </span><a href="https://www.eff.org/deeplinks/2017/11/tsa-plans-use-face-recognition-track-americans-through-airports"><span>years</span></a><span> of </span><a href="https://www.eff.org/deeplinks/2018/12/year-review-airport-surveillance-takes-new-dangerous-direction"><span>warnings</span></a><span> from </span><a href="https://www.airportfacescans.com"><span>privacy groups</span></a> <a href="https://www.buzzfeednews.com/article/daveyalba/these-senators-want-homeland-security-to-pause-its-facial"><span>and Senators</span></a><span> that using face recognition technology on travelers would massively violate their privacy. Now, the passengers are in revolt as well, and they’re demanding answers. </span></p>
<p><span>Last week, a lengthy </span><a href="https://twitter.com/mackenzief/status/1118509708673998848?s=19"><span>exchange on Twitter</span></a><span> between a traveler who was concerned about her privacy and a spokesperson for the airline JetBlue went viral, and many of the questions asked by the traveler and others were the same ones that </span><a href="https://www.eff.org/deeplinks/2018/02/customs-and-border-protections-biometric-data-snooping-goes-too-far"><span>we’ve posed to Customs and Border Protection</span></a><span> (CBP) officials: Where did you get my data? How is it protected? Which airports will use this? Where in the airports will it be used? </span><i><span>Most importantly, how do I opt-out?</span></i></p>
<p class="pull-quote"><span>Right now, the key to opting out of face recognition is to be vigilant.</span></p>
<h3><span><b><br />How to Opt Out</b></span></h3>
<p><span>These questions should be simple to answer, but we haven’t gotten simple answers. When we asked CBP for more information, they told us: “</span><a href="https://www.eff.org/document/customs-and-border-protection-response-effs-february-2018-letter-biometric-identification"><span>visit our website</span></a><span>.” </span><a href="https://www.cbp.gov/travel/biometrics/biometric-exit-faqs"><span>We did,</span></a><span> and we still have many of the same questions. Representatives for airlines, which partner directly with the government agencies, also seem unable to answer the concerns, as the JetBlue spokesperson </span><a href="https://twitter.com/JetBlue/status/1118655132252688384"><span>made evident</span></a><span>. Both agencies and airlines seemed to </span><a href="http://mediaroom.jetblue.com/investor-relations/press-releases/2018/11-15-2018-184045420"><span>expect no pushback</span></a><span> from passengers when they implemented this boarding-pass-replacing-panopticon. The convenience would win out, they seemed to assume, not expecting people to mind having their face scanned “</span><a href="https://www.cbp.gov/travel/biometrics"><span>the same way you unlock your phone</span></a><span>.” But now that “your face is your boarding pass” (as JetBlue awkwardly puts it), at least in some airports, the invasive nature of the system is much more clear, and travelers are understandably upset.</span></p>
<p><span>It might sound trite, but right now, the key to opting out of face recognition is to be vigilant. There’s no single box you can check, and importantly, it may not be possible for non-U.S. persons to opt out of face recognition entirely. For those who can opt out, you’ll need to spot the surveillance when it’s happening. To start, TSA PreCheck, Clear, and other ways of "skipping the line" often require biometric identification, and are often being used as test cases for these sorts of programs. Once you’re at the airport, be on the lookout for any time a TSA, CBP, or airline employee asks you to look into a device, or when there’s a kiosk or signage like those below. That means your biometric data is probably about to be scanned. </span></p>
<p class="center-image"><a href="https://www.eff.org/document/customs-and-border-protection-response-effs-february-2018-letter-biometric-identification" target="_blank" rel="noopener noreferrer"><img src="/files/2019/04/25/signed_eff_response_letter_2018_page_15.jpg" alt="Another example of signage CBP gave us as a response to our letter." width="510" height="660" /></a></p><div class="caption caption-center"><div class="caption-width-container"><div class="caption-inner"><a href="https://www.eff.org/document/customs-and-border-protection-response-effs-february-2018-letter-biometric-identification"><img src="/files/2019/04/25/signed_eff_response_letter_2018_page_13.jpg" alt="A sign in an airport explaining that there is face recognition being used in the area. This is an example of signage CBP gave us as a response to our letter." title="An example of signage CBP gave us as a response to our letter." width="580" height="751" /></a><p class="caption-text"><a href="https://www.eff.org/document/customs-and-border-protection-response-effs-february-2018-letter-biometric-identification"></a></p></div></div></div>
<p><span>At the moment, face recognition is most likely to happen at </span><a href="https://www.buzzfeednews.com/article/daveyalba/these-documents-reveal-the-governments-detailed-plan-for"><span>specific airports</span></a><span>, including Atlanta, Chicago, Seattle, San Francisco, Las Vegas, Los Angeles, Washington (Dulles and Reagan), Boston, Fort Lauderdale, Houston Hobby, Dallas/Fort Worth, JFK, Miami, San Jose, Orlando, and Detroit; while flying </span><a href="https://gizmodo.com/what-your-airline-wont-tell-you-about-those-creepy-airp-1834218228"><span>on Delta, JetBlue, Lufthansa, British Airways and American Airlines</span></a><span>; and in particular, on international flights. But, that doesn’t mean that other airlines and airports won’t implement it sooner rather than later. </span></p>
<p class="center-image"></p><div class="caption caption-center"><div class="caption-width-container"><div class="caption-inner"><img src="/files/2019/04/25/tsavisionbox.jpg" alt="A woman stands facing a small screen that's about five feet off the ground on a pedestal. This is an example of a face recognition kiosk from TSA's website." title="An example of a face recognition kiosk from TSA's website." width="455" height="706" /></div></div></div>
<p><span>To skip the surveillance, </span><a href="https://www.cbp.gov/travel/biometrics/biometric-exit-faqs"><span>CBP says</span></a><span> you “should notify a CBP Officer or an airline or airport representative in order to seek an alternative means of verifying [your] identity and documents.” Do the same when you encounter this with an airline. While there </span><i><span>should </span></i><span>be signage near the face recognition area, it may not be clear. If you’re concerned about creating a slight delay for yourself or other passengers, take note: though CBP has claimed to have a 98% accuracy rating in their pilot programs, the Office of the Inspector General could not verify those numbers, and even a 2% error rate would cause thousands of people to be misidentified every day. Most face recognition technology has significantly lower accuracy ratings than that, so you might actually be speeding things up by skipping the surveillance. </span></p>
<h3><b>The Long And Winding Biometric Pathway</b></h3>
<p><span>Part of the reason for the confusion about how to opt out is that there are actually (at least) three different face recognition checkpoints looming: Airlines want to use your face as your boarding pass, saying “it's about </span><a href="https://www.npr.org/sections/alltechconsidered/2017/06/26/534131967/facial-recognition-may-boost-airport-security-but-raises-privacy-worries"><span>convenience</span></a><span>.” CBP, which is part of the Department of Homeland Security (DHS), wants to use your face to check against DHS and State Department databases when you’re entering or exiting the country; and the TSA wants to compare your face against your photo identification throughout the airport. And if people are upset now, they will be furious to know this is just the beginning of the</span> <span>“biometric pathway” program: CBP and TSA want to use face recognition and other biometric data </span><a href="https://www.tsa.gov/sites/default/files/tsa_biometrics_roadmap.pdf"><span>to track everyone from check-in, through security, into airport lounges, and onto flights</span></a><span> (PDF). They’re moving fast, too, despite (or perhaps because of) the fact that there are no regulations on this sort of technology: DHS is hoping to </span><a href="https://thehill.com/policy/technology/439481-dhs-wants-to-use-facial-recognition-on-97-percent-of-departing-air"><span>use facial recognition on 97 percent of departing air passengers</span></a><span> within the next four years and </span><a href="https://www.buzzfeednews.com/article/daveyalba/these-senators-want-homeland-security-to-pause-its-facial"><span>100 percent</span></a><span> of all international passengers in the top 20 U.S. airports by 2021.</span></p>
<p class="pull-quote"><span><span>It’s the customers and passengers who will bear the burden when things go wrong,</span></span></p>
<p><span>If the government agencies get their way, new biometric data could be taken from/used against travelers wherever they are in the airport—and much of that collection will be implemented by private companies (even rental car companies are </span><a href="https://www.nbcnews.com/mach/science/biometric-screening-airports-spreading-fast-some-fear-face-scanning-systems-ncna982756"><span>getting in on the action</span></a><span>). CBP will store that facial recognition data for two weeks for U.S. citizens and lawful permanent residents, and for 75+ years for non-U.S. persons. In addition, the biometric data collected by at least some of these systems in the future—which can include your fingerprints, the image of your face, and the scan of your iris—will be stored in FBI and DHS databases and will be searched again and again for immigration, law enforcement, and intelligence checks, including checks against latent prints associated with unsolved crimes. </span></p>
<h3><b>Passengers Will Bear the Burden of Privacy Invasion, Not Airlines or Government Agencies </b></h3>
<p><span>It’s easy for companies and agencies to tout the convenience of this sort of massive data collection and sharing scheme. But as we’ve seen in notable privacy fiascos over the last few years—from Facebook’s </span><a href="https://www.nytimes.com/2018/03/17/us/politics/cambridge-analytica-trump-campaign.html"><span>Cambridge Analytica scandal</span></a><span>, to the breaches of the </span><a href="https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/"><span>Office of Personnel Management</span></a><span> and </span><a href="https://www.eff.org/deeplinks/2017/09/will-equifax-data-breach-finally-spur-courts-and-lawmakers-recognize-data-harms"><span>Equifax</span></a><span> in the U.S., to the </span><a href="https://www.huffingtonpost.in/2018/09/11/uidai-s-aadhaar-software-hacked-id-database-compromised-experts-confirm_a_23522472/"><span>constant hacking</span></a><span> of India’s national biometric database, Aadhar—it’s the customers and passengers who will bear the burden when things go wrong, </span><i><span>and they will go wrong</span></i><span>. These vast biometric databases will create huge security and privacy risks, with the additional concern that a company leaking your passwords or credit card numbers is nothing compared to it leaking your biometric data. While you can change a password, you can’t easily change your face.</span></p>
<p><span>Additionally, these systems are </span><a href="https://www.eff.org/pages/face-recognition"><span>notoriously inaccurate</span></a><span>, contain out-of-date information, and due to the fact that immigrants and people of color are disproportionately represented in criminal and immigration databases, and that face recognition systems are <a href="https://www.nytimes.com/2019/01/24/technology/amazon-facial-technology-study.html">less capable</a> of identifying people of color, women, and young people, the weight of these inaccuracies will <a href="https://www.eff.org/deeplinks/2019/02/governments-must-face-facts-about-face-surveillance-and-stop-using-it">fall disproportionately on them</a>. It will be the passengers who bear the burden when they are stuck watching the flights they paid for take off without them because there was an error with a database or an algorithm, or because they preferred non-biometric options that weren’t in place.</span></p>
<p><span>It’s time for the government agencies and the airlines to pause these programs until they can clearly and adequately give: </span></p>
<ul><li><span>Photographs of the signage in-situ in the airports in question, as well as any additional information about the opt-out process.</span></li>
<li><span>An explanation of the locations where CBP will be providing meaningful and clear opt out notice to travelers (for example, at entry points, point-of-sale, ticket counters, security checkpoints, and boarding gates) as well as the specific language travelers can use to opt out of the biometric data collection program. </span></li>
<li><span>An up-to-date list of all the airports and airlines that currently participate in the biometric exit program. </span></li>
<li><span>Information about the algorithm CBP is using to compare photos (provided by NEC), as well as the accuracy information associated with that algorithm. </span></li>
<li><span>Technological specifications for transferring data from point of collection to DHS and with vendors and airlines. </span></li>
</ul><p><span>Additional questions—like how data is safeguarded—are laid out in </span><a href="https://www.eff.org/document/eff-follow-letter-us-customs-and-border-protection"><span>our letter to CBP</span></a><span>.</span></p>
<p><span>Congress must also demand the answers to these questions. And lawmakers must require agencies and airlines to pause this program until they can not only ensure the biometric privacy of travelers is protected but more importantly justify this huge invasion of privacy. Just last month, three Senators released a joint statement calling on DHS to </span><a href="https://www.buzzfeednews.com/article/daveyalba/these-senators-want-homeland-security-to-pause-its-facial"><span>pause the program</span></a><span> until there can be “a rulemaking to establish privacy and security rules of the road,” but so far, they’ve been ignored. </span></p>
<p><span>Trading privacy for convenience is a bad bargain, and it can feel like the deal isn’t always one we have a choice in. DHS has said that the only way we can ensure that our biometric data isn’t collected when we travel is to “refrain from traveling.” That’s ridiculous. The time to regulate and restrict the use of facial recognition technology is now, before it becomes embedded in our everyday lives. We must keep fighting to make sure that in the future, it gets easier, and not harder, to defend our privacy—biometric or otherwise.</span></p>
</div></div></div>
[EFF] Massachusetts Court Blocks Warrantless Access to Real-Time Cell Phone Location Data
2019-04-24T22:20:01Z
Jennifer Lynch
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>There's heartening news for our location privacy out of Massachusetts this week. The Supreme Judicial Court, the state's highest court, <a href="/document/commonwealth-v-almonor-massachusetts-supreme-judicial-court-opinion">ruled</a> that police access to real-time cell phone location data—whether it comes from a phone company or from technology like a cell site simulator—intrudes on a person’s reasonable expectation of privacy. Absent exigent circumstances, the court held, the police must get a warrant.</p>
<p>In <em><a href="/document/commonwealth-v-almonor-massachusetts-supreme-judicial-court-opinion">Commonwealth of Massachusetts v. Almonor</a></em>, police had a phone carrier “ping” the cell phone of a suspect in a murder case—surreptitiously accessing GPS functions and causing the phone to send its coordinates back to the phone carrier and the police. This real-time location data pinpointed Mr. Almonor’s phone to a location inside a private home. The state argued it could warrantlessly get cell phone location data to find anyone, anytime, at any place as long as it was less than <a href="https://www.eff.org/deeplinks/2015/09/massachusetts-court-rules-cell-tracking-requires-warrant">six hours</a> old. A trial court disagreed and the state appealed.</p>
<p>EFF filed an <a href="https://www.eff.org/document/almonor-amicus-brief-eff-aclu">amicus brief</a> in this case in partnership with the <a href="https://www.aclum.org/">ACLU</a> and the <a href="https://macdl.com/">Massachusetts Association of Criminal Defense Lawyers</a>. We asked the court to recognize, as the Supreme Court did in <a href="https://www.eff.org/deeplinks/2018/06/victory-supreme-court-says-fourth-amendment-applies-cell-phone-tracking"><em>U.S. v Carpenter</em></a><em>, </em>that people have a constitutional right to privacy in their physical movements. We argued that, because people have their phones with them all the time, and because the location information produced by the phone can reveal our every move—where and with whom we live, socialize, visit, vacation, worship, and much more—the police must get a warrant to access this sensitive information.</p>
<p>The Massachusetts court held that “[m]anipulating our phones for the purpose of identifying and tracking our personal location presents an even greater intrusion” than accessing the historical location data at issue in <em>Carpenter.</em> It concluded that “by causing the defendant's cell phone to reveal its real-time location, the Commonwealth intruded on the defendant's reasonable expectation of privacy in the real-time location of his cell phone.” The court recognized both that cell phone use is ubiquitous in our society, and that a phone’s location is a “proxy” for its owner’s location. The court noted that “society's expectation has been that law enforcement could not secretly and instantly identify a person's real-time physical location at will,” and “[a]llowing law enforcement to immediately locate an individual whose whereabouts were previously unknown by compelling that individual's cell phone to reveal its location contravenes that expectation.”</p>
<p>Much of the majority’s opinion focuses on the fact that, in this case, law enforcement directed the phone company to “manipulate” the defendant’s phone, causing it to send its location to the phone company. In other words, the phone company wouldn’t have collected the data on its own as part of its normal business practices. But two judges, in a concurring opinion, expressed concern that this focus on law enforcement action—rather than on the collection of location data alone—would result in an exception for searches of real-time location data that providers collect automatically. The concurring justices would hold that the Massachusetts constitution “protects us from pings not because of the right to keep the government from interfering with our cellular telephones, but because of the right to keep the government from finding us.”</p>
<p>This is very concerning because, as the concurring justices note, the majority’s focus on government action here could allow the police to “side-step the constitutional protection” by just asking for the data the cell service provider collects on its own. Although the majority denied that would happen, it remains to be seen, both how officers will implement searches after this opinion and how lower courts will apply constitutional law to those searches. We’ve seen the Commonwealth <a href="https://www.eff.org/deeplinks/2015/09/massachusetts-court-rules-cell-tracking-requires-warrant">interpret this court’s prior decisions on location tracking</a> very narrowly in the past.</p>
<p>Although the defendant raised both federal and state constitutional claims in <em>Almonor</em>, the court based its decision solely on Article 14 of the Massachusetts Declaration of Rights, which was drafted before—and served as one of the <a href="https://www.mass.gov/guides/john-adams-the-massachusetts-constitution">models</a> for—our federal Bill of Rights. Article 14, one of the cornerstones of the Massachusetts Constitution, is the state’s equivalent to the Fourth Amendment. As the court notes, it “does, or may, afford more substantive protection to individuals than that which prevails under the Constitution of the United States.”</p>
<p>Courts around the country are now being asked to address the scope of the <em>Carpenter</em> ruling. <em>Almonor</em> in Massachusetts and a case called <a href="https://www.eff.org/document/odonnell-amicus-brief-eff-aclu"><em>State of Maine v. O’Donnell</em></a><em>,</em> in Maine are among the first to deal directly with how <em>Carpenter</em> should be applied when police track and locate people in real-time. We’re heartened that the Massachusetts court took these issues seriously and made clear that the police must get a warrant, whether they access <a href="https://www.eff.org/deeplinks/2014/02/massachusetts-requires-warrants-cell-tracking">historical cell phone location data</a> or whether they cause a phone to send its real-time location. We’re still waiting for the Maine court’s opinion in <em>O’Donnell,</em> and we’re actively tracking other cases addressing these issues across the country.</p>
<p> </p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/carpenter-v-united-states">Carpenter v. United States</a></div></div></div>
[EFF] End the NSA's Invasive Call Detail Records Program Once and for All
2019-04-24T22:09:37Z
Elliot Harmon
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Over nearly two decades, the NSA has searched millions of Americans’ telephone call records—all without a warrant or, for the vast majority of these calls, any suspicion of wrongdoing. It’s time to end the mass telephone Call Detail Records (CDR) program once and for all. Please join us in <a href="https://act.eff.org/action/end-the-nsa-s-call-detail-records-program-once-and-for-all">urging Congress to support the Ending Mass Collection of Americans</a><a href="https://act.eff.org/action/end-the-nsa-s-call-detail-records-program-once-and-for-all">’</a><a href="https://act.eff.org/action/end-the-nsa-s-call-detail-records-program-once-and-for-all"> Phone Records Act</a> (<a href="https://www.congress.gov/bill/116th-congress/senate-bill/936">S. 936</a>, <a href="https://www.congress.gov/bill/116th-congress/house-bill/1942">H.R. 1942</a>).</p>
<p class="take-action"><a href="https://act.eff.org/action/end-the-nsa-s-call-detail-records-program-once-and-for-all">Take Action</a></p>
<p class="take-explainer"><a href="https://act.eff.org/action/end-the-nsa-s-call-detail-records-program-once-and-for-all">Tell Congress to End the CDR Program</a></p>
<p>Under the CDR program, the NSA has collected information about millions of Americans’ phone calls. While these records don’t contain the actual contents of telephone calls, they do include phone numbers and call times and length—more than enough information to provide the NSA a clear picture of our social relationships, interests, and affiliations. If <a href="https://ssd.eff.org/en/module/why-metadata-matters">the NSA knows that you called a suicide hotline at 1:00 in the morning</a>, does it matter that the agency doesn’t have the contents of that call?</p>
<p class="pull-quote">If the NSA knows that you called a suicide hotline at 1:00 in the morning, does it matter that the agency doesn’t have the contents of that call?</p>
<p>Besides being an invasion of Americans’ privacy, the program is also ineffective: prior to the passage of the USA FREEDOM Act, both the <a href="https://www.pclob.gov/library/215-Report_on_the_Telephone_Records_Program.pdf">Privacy and Civil Liberties Board</a> (PDF) and the <a href="https://obamawhitehouse.archives.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf">President’s Review Group on Intelligence and Communications Technologies</a> (PDF) concluded that the CDR program was neither essential nor effective in the government’s counterterrorism investigations.</p>
<p>Ever since USA FREEDOM reformed the CDR program in 2015, the civil liberties community and members of Congress have <a href="https://www.eff.org/deeplinks/2018/05/eff-and-x-civil-liberties-organizations-demand-transparency-nsa-domestic-phone">repeatedly asked the NSA for information about how widespread the CDR program is,</a> but the NSA has been unable or unwilling to provide that information. In May 2018, the Agency <a href="https://www.eff.org/deeplinks/2018/09/nsa-continues-blame-technology-breaking-law">admitted that it had collected countless records that it wasn’t legally authorized to obtain</a>, but still failed to provide meaningful information about just how widespread the program was. And in 2019, the New York Times reported that rather than modify the program in order to comply with the law going forward, <a href="https://www.eff.org/deeplinks/2019/03/congress-has-chance-finally-end-nsas-mass-telephone-records-program">the NSA had stopped using the program altogether</a>.</p>
<p>The CDR program does nothing for national security, and the NSA appears to be incapable of utilizing the program without breaking the law. Let’s end this invasive surveillance program once and for all. <a href="https://act.eff.org/action/end-the-nsa-s-call-detail-records-program-once-and-for-all">Please tell your members of Congress</a> to cosponsor S. 936 and H.R. 1942.</p>
<p class="take-action"><a href="https://act.eff.org/action/end-the-nsa-s-call-detail-records-program-once-and-for-all">Take Action</a></p>
<p class="take-explainer"><a href="https://act.eff.org/action/end-the-nsa-s-call-detail-records-program-once-and-for-all">Tell Congress to End the CDR Program</a></p>
</div></div></div>
[EFF] California Assembly’s Privacy Committee Votes to Weaken Landmark Privacy Law
2019-04-24T05:51:58Z
Hayley Tsukayama
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The California State Assembly’s Privacy and Consumer Protection Committee today capitulated to industry complaints that our privacy is inconvenient for its bottom line. It voted to advance five bills opposed by privacy advocates that would undermine the landmark California Consumer Privacy Act (CCPA) and put companies before consumers.</p>
<p>Rather than stand up for Californians and their constitutional right to privacy, this Committee and its Chairman Ed Chau would not defend the CCPA, let alone strengthen it.</p>
<p>Committee members undercut consumer privacy by passing the following bills:</p>
<ul><li><a href="https://www.eff.org/document/ab-25-opposition-letter-april-2019">A.B. 25 (Chau) </a>would allow companies to collect invasive data about their employees.</li>
<li><a href="https://www.eff.org/document/ab-846-opposition-letter-april-2019">A.B. 846 (Burke)</a> would increase the power of businesses to force consumers to pay for their CCPA privacy rights.</li>
<li><a href="https://www.eff.org/document/ab-981-oppose">A.B. 191 (Daly)</a> would allow the insurance industry to dodge the consumer protections of the CCPA.</li>
<li><a href="https://www.eff.org/document/ab-873-opposition-letter-april-2019">A.B. 873 (Irwin)</a> would weaken two critical definitions (“personal information” and “deidentified”) and thus undermine necessary privacy protections in the CCPA.</li>
<li><a href="https://www.eff.org/document/ab-1564-opposition-letter-april-2019">A.B. 1564 (Berman)</a> would increase the cost of asserting privacy rights, which is especially harmful to low-income Californians.</li>
</ul><p>It is deeply unfortunate that the members of this committee—with the exception of Asm. Buffy Wicks, who abstained from all CCPA votes—passed these bills out of committee.</p>
<p>We are especially disappointed in Privacy Committee Chairman Ed Chau. He was the author of the CCPA. Today, he voted to significantly weaken both this law and the privacy rights he previously championed.</p>
<p>While the Assembly Privacy Committee today failed to protect our privacy, the Senate Judiciary Committee recently voted to strengthen it. That Committee voted to advance Sen. Hannah-Beth Jackson’s bill, <a href="https://www.eff.org/deeplinks/2019/04/californians-want-and-deserve-stronger-privacy-lawshttps://www.eff.org/deeplinks/2019/04/californias-attorney-general-wants-empower-people-protect-their-privacy-sacramento">S.B. 561</a>. This bill will improve the enforcement of the CCPA by ensuring that people can sue the companies that violate their privacy rights, and strengthening the powers of the California Attorney General.</p>
<p>In coming weeks, we will continue to fight the industry bills advanced today by the Assembly Privacy Committee, and champion stronger privacy legislation such as S.B. 561.</p>
</div></div></div>
[EFF] The Tillis-Coons patent bill will be a disaster for innovation
2019-04-23T23:36:15Z
Alex Moss
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In recent years, we’ve made major progress getting courts to give full effect to Section 101 of the U.S. Patent Act. That’s the section that defines, and limits, what can get a patent. Section 101 is critical in making sure that only <em>inventions</em>—technological advances attributable to human efforts—can be patented.</p>
<p>Now, key Senators are looking to undo all of that progress and drive the patent system into uncharted territory. Senators Tillis (R-NC) and Coons (D-DE) are pushing ahead with a <a href="https://www.tillis.senate.gov/public/index.cfm/press-releases?ID=B521846C-594A-46BE-B17A-0E11393D23AD">proposal</a> that will upend more than a century of case law and make the patent system far worse for small innovators and ordinary consumers in the software and health care industries. </p>
<p>Who will benefit most from the proposal? Companies that make money from aggressively licensing and litigating patents, especially in the fast-growing fields of artificial intelligence and medical diagnostics. And, of course, the patent lawyers and law firms who make money representing them.</p>
<p>Not to mention, patent trolls. With Section 101 broken, defendants will have lost a powerful tool for fighting bad patents. Most of the small businesses we profiled in our <a href="https://www.eff.org/alice">“Saved by Alice” project</a> would have likely been pushed toward lengthy and expensive trials, rather than fast and fair resolutions, in order to defend against false infringement charges. </p>
<p>While our current Section 101 dates to the 1870s, the words of the law have stayed largely the same since the first U.S. patent law was passed in 1793. Today, Section 101 reads simply:</p>
<p><em>Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.</em></p>
<p>The Tillis-Coons proposal is aimed squarely at killing the many Supreme Court decisions—<a href="https://www.eff.org/deeplinks/2012/03/supreme-court-gets-it-right-no-patents-laws-nature"><em>Mayo v. Prometheus</em></a> and <a href="https://www.eff.org/alice"><em>Alice v. CLS Bank</em></a> in particular—that have interpreted Section 101 in ways that promote innovation. Rewriting Section 101 could undermine all of U.S. patent law and would open the door to patents on old and useless ideas as never before.</p>
<p>The newly re-constituted Senate IP Subcommittee, chaired by Tillis, is determined to tweak the patent laws in favor of patent-holders. While the exact language of the subcommittee’s bill isn’t yet , the bill’s sponsors have published a “patent reform framework” that details, point by point, how they intend to degrade the patent system. </p>
<h3>Undermining Section 101</h3>
<p>Let’s take a look at each of the framework’s seven points from Senator Tillis' <a href="https://www.tillis.senate.gov/public/index.cfm/press-releases?ID=B521846C-594A-46BE-B17A-0E11393D23AD">published statement</a> on the framework, starting with the one that describes the most dramatic change: </p>
<ul><li><em>"Eliminate</em><em>, </em><em>within the eligibility requirement, that any invention or discovery be both 'new and useful.' Instead, simply require that the invention meet existing statutory utility requirements."</em><em></em></li>
</ul><p>Removing the requirement that inventions actually be <strong>new and useful </strong>upends a fundamental Constitutional principle of patent law. The Constitution grants Congress the power to issue an “exclusive right,” such as a patent, only “[t]o promote the progress of science and useful arts.” The patent system’s entire purpose, in other words, is to encourage technological progress. Allowing patents on things that are neither new nor useful undermines the purpose of the Intellectual Property Clause.</p>
<p>Section 101’s purpose is to weed out patent applications that cannot possibly be inventive. The “existing statutory utility requirements” do not, and cannot, accomplish this. That’s because other parts of U.S. patent laws do not include a specific “utility” requirement. Section 102 and 103 set out requirements for determining whether an invention is obvious in view of pre-existing knowledge in the field—what is known as “prior art”—but courts and the Patent Office apply those requirements extremely narrowly.</p>
<p>It’s especially difficult to invalidate bad software patents under Sections 102 and 103. Because courts and the Patent Office didn’t start granting patents on software alone until the mid-1990s, there is a dearth of patents and patent applications that could be used to invalidate software patents under Sections 102 and 103. And because the code for most software products is not public, it isn’t readily available to others in court challenges.</p>
<p>As a practical matter, a mid-value patent lawsuit <a href="https://www.patentattorney.com/aipla-survey-of-costs-of-patent-litigation-and-inter-partes-review/">costs more than $3 million</a> to litigate through trial. Cases that revolve around Section 101 resolve for a small fraction of that, avoiding the massive costs of discovery, experts, and trial. The Supreme Court’s decision in <em>Alice v. CLS Bank </em>has been a powerful weapon against worthless patents, saving numerous <a href="https://www.eff.org/alice/alice-saves-medical-startup-death-telehealth-patent">start-ups</a> and <a href="https://www.eff.org/alice/alice-decision-saves-crowdfunding-patent-troll">small businesses</a> from abusive patent litigation. </p>
<p>That's not all. Senators Coons and Tillis want lawmakers to create a strictly limited list of technologies that <em>can’t</em> get a patent, while placing virtually no limits there on what <em>can</em> get a patent:</p>
<ul><li><em>"Define, in a closed list, exclusive categories of statutory subject matter which alone should not be eligible for patent protection."</em></li>
</ul><p>The reference to a “closed” and “exclusive” list of ineligible categories is a clear effort to prevent the courts from doing their job: interpreting the law. They’ll simply set the default to “patentable” for emerging technologies.<em> </em></p>
<p>The next point of the framework is clearly pointed at undoing court rulings that have made the patent system better for people who actually build technology: </p>
<ul><li><em></em><em></em><em>"Statutorily abrogate judicially created exceptions to patent eligible subject matter in favor of exclusive statutory categories of ineligible subject matter."</em></li>
</ul><p>The Supreme Court has consistently rejected patents on uninventive subject matter, like the method of hedging risk in <em>Bilski</em>; the method of determining drug dosage based on blood metabolite levels in <em>Mayo</em>; and the computerized escrow system in <em>Alice</em>. Companies that make money licensing low-value patents want to throw these decisions out, just as district courts are finally applying them. Even the Eastern District of Texas—once the most popular judicial district among patent owners—has started finding patents ineligible [<a href="http://www.cafc.uscourts.gov/sites/default/files/opinions-orders/15-1845.Opinion.9-21-2016.1.PDF">PDF</a>] under 101 at early stages of litigation. </p>
<p>The fourth substantive change would undermine proper patent claim interpretation: </p>
<ul><li><em></em><em>"Make clear that eligibility is determined by considering each and every element of the claim as a whole and without regard to considerations properly addressed by 102, 103 and 112."</em></li>
</ul><p>Patent lawyers like to say “the name of the game is the claim.” That’s because the claim is the part of a patent that actually defines the “invention” that others are prevented from using. And it is the “claim as a whole” that’s considered the invention, not any particular element by itself.</p>
<p>But that doesn’t mean courts can’t consider the individual elements of a patent claim. In fact, it’s often critical that they do so. For example, the patent in <em>Alice</em> included a “data storage unit,” which the court considered “purely functional and generic,” and therefore rejected this element—because it didn’t have the “inventive concept” that Section 101 requires.</p>
<p>By telling courts not to look at the elements of a patent claim, Tillis and Coons are effectively telling courts to ignore the words the claim actually uses to describe the invention. Considering the claim “as a whole” just means ignoring what the individual words in the claim actually mean. </p>
<h3>False Reassurance</h3>
<p>The proposed framework also includes three points that are meant to assuage potential critics. Here's one of them: </p>
<ul><li><em></em><em>"Ensure that simply reciting generic technical language or generic functional language does not salvage an otherwise ineligible claim."</em></li>
</ul><p>This point attempts to show that the bill won’t open the floodgates to worthless patents. It’s true that generic language should not confer patent-eligibility, but no one should have confidence that this language will have any practical effect if enacted. Keep an eye on the big picture: this is part of a legislative proposal intended to allow patents on old and useless technologies. </p>
<p>In any case, sometimes “generic technical language” isn’t the problem. For example, courts rejected a patent in <em>DietGoal Innovations LLC v. Bravo Media LLC, </em>which claimed “a computerized method of selecting meals,” because the method was nothing but “conventional and quotidian tasks.” Sometimes, courts just use common sense to rule that conventional everyday tasks aren’t “inventive.” </p>
<p>They'll also create a new test: </p>
<ul><li><em></em><em>"Create a 'practical application' test to ensure that the statutorily ineligible subject matter is construed narrowly."</em></li>
</ul><p>We already have a test to make sure each and every patent is worth the public cost of a 20-year monopoly: Section 101, as interpreted by the Supreme Court. There is no need for a new test to determine whether a patent is eligible.</p>
<p>This point of the framework makes clear what the Tillis-Coons proposal is really trying to do: ensure that courts and the Patent Office do not reject patent applications that should have been rejected. </p>
<p>Then there's one last point—which actually is the first point in the Tillis-Coons press release—that's meant to make this radical change to the patent system seem less so: </p>
<ul><li><em></em><em>"Keep existing statutory categories of process, machine, manufacture, or composition of matter, or any useful improvement thereof."</em></li>
</ul><p>Any version of Section 101 that defines patent-eligible inventions to include things that are useful, but <strong><em>not</em></strong> new, would <strong><em>change</em></strong> the categories of eligible subject matter we have now.</p>
<p>This is another attempt to understate the radical changes being proposed in this bill. Scrapping the words “new and useful” would be an unprecedented departure—as the patent owners pushing this legislation well know. </p>
<p>According to their press release, Senators Tillis and Coons will be introducing a bill later this year. If the bill looks anything like this proposal, it will be a handout to patent trolls and other abusers of the system. If Congress is serious about ensuring that the patent system promotes innovation, it must listen to the people who work every day in technology and medicine—not just to companies that hold thousands of patents.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/abstract-patent-litigation">Abstract Patent Litigation</a></div></div></div>
[EFF] Eleven Teams Entered EFF's Third Annual Tech Trivia. Three Left (Victorious).
2019-04-23T22:42:34Z
Jason Kelley
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>The Cybertiger is vicious. He is cunning. And he is full of dad jokes. </span></p>
<p><span>Last week, EFF’s Cooper “Cybertiger” Quintin led three judges and eleven teams in five challenging (and comic) rounds of tech trivia, covering everything from fictional search engines in television to historical messaging protocols to ancient cryptography methods. The tensions were high, and the stakes were higher: three winners would come away with EFF prize packs, championship trophies (in the shape of oversized Tech Trivia beer tankards), and all of the glory.</span></p>
<p><span><div class="caption caption-center"><div class="caption-width-container"><div class="caption-inner"><img src="/files/2019/04/19/3-mugs.jpg" alt="" title="" width="411" height="376" /><p class="caption-text">The coveted Tech Trivia Tankards</p></div></div></div></span></p>
<p><span></span></p>
<p><span>EFF’s Tech Trivia is a blatant rip-off of </span><a href="https://www.eff.org/deeplinks/2018/08/cyberlaw-trivia-night-wrap"><span>EFF Cyberlaw Trivia</span></a><span>, and is in its third round of offering the best minds in tech a chance to put down their phones, pick up a pen, and write their names in the history books by winning the pub quiz-style event, now in its third year. </span></p>
<p><span>By the end of round one, the gauntlet had been thrown. Normally, scores are read aloud after each round, but Judge Gennie Gebhart refrained from letting everyone know just how wide the gaps were “out of compassion.” What we can say: “A Spectre is Haunting CPUs” led, with “The Randoms” and “ROT13” close behind. As is sometimes the case, pedantic answers were not accepted (although EFF concedes, after much deliberation, that the Tor onion protocol is not named after a root vegetable, because an onion is </span><a href="https://en.wikipedia.org/wiki/Onion"><span>technically a bulb</span></a><span>), and clever team names are preferred but will not win you the competition (even if your team is literally named “In First Place.”)</span></p>
<p><span>By the third round, it was clear that the hive minds were working like well-oiled robotic machines, albeit machines with a blind spot for trivia relating to pop culture or ancient civilizations. “A Spectre is Haunting CPUs” was still in first place, while “Semiconductor Kind of Life” and “Arbitrary Capricious” sped past the other teams to reach second and third.</span></p>
<p><span><div class="caption caption-center"><div class="caption-width-container"><div class="caption-inner"><img src="/files/2019/04/19/judges1.jpg" alt="A man holding an oversized gavel, wearing a parliamentary wig, with his back against a man with a mohawk wearing a tiger striped suit and holding a microphone. " title="Did we mention that " width="442" height="582" /><p class="caption-text">EFF's Tech Trivia can be a stylish affair?</p></div></div></div></span></p>
<p><span>In the end, the victorious teams battled through five rounds and a tiebreaker (Jte poief jusef ug c sezukg czh jte sfecjegj jfuluc ycgjef ar cxx juy!) to determine the winners of the coveted Tech Trivia Tankards. They are, in a very particular order: </span></p>
<p class="center-image"><img src="/files/2019/04/23/dsc00953.jpg" width="445" height="391" alt="" /></p>
<p>The winning team, "A Spectre is Haunting CPUs"!</p>
<p class="center-image"><span> <img src="/files/2019/04/19/dsc00949.jpg" alt="" title="In second place, "rot13"" width="451" height="321" /></span></p>
<p><span>In second place, "rot13"!</span></p>
<p class="center-image"><span><img src="/files/2019/04/19/dsc00945.jpg" alt="" title=" UNREDACTED ▮▮▮▮▮▮" width="448" height="294" /></span></p>
<p>And bringing up third: "UNREDACTED ▮▮▮▮▮▮"</p>
<p><span>In the end, it was a wonderful evening of wall-to-wall laughing, eating, drinking, and nerding out. </span><span>Many thanks to Bishop Fox, Facebook, <span>Gandi.net, No Starch Press, and Van Pelt, Yi & James LLP</span>! If you or your company are interested in supporting a future EFF event, please contact <a href="mailto:nicole@eff.org">Nicole Puller</a></span><span>.</span><br /><span></span></p>
<p><span>EFF's sincere appreciation goes out to of the participants who joined us for a great quiz over dinner and drinks while never losing sight of our mission to drive the online rights movement forward. We salute the </span><a href="https://www.eff.org/join"><span>digital freedom supporters</span></a><span> around the world who have helped ensure that EFF can continue working in the courts and with policymakers, activists, technologists, and the public to protect online privacy and free expression.</span></p>
<p><span>Learn about upcoming EFF events when you <a href="https://www.eff.org/EFFector">sign up for our email list</a>, or just check out our <a href="http://eff.org/event">event calendar</a>. We hope to see you soon.</span></p>
</div></div></div>
[EFF] California's Assembly Privacy Committee Will Consider Only Industry Bills
2019-04-23T04:31:56Z
Hayley Tsukayama
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>We are disappointed the California Assembly Privacy and Consumer Protection Committee will not hear <a href="https://www.eff.org/ja/node/100327">A.B. 1760</a>, which would have substantially strengthened the California Consumer Privacy Act.</p>
<p>Tomorrow, the Privacy Committee will instead vote on several bills backed by Big Tech interests that will erode the CCPA and the promises this law made to give all Californians the privacy rights they want and deserve. California’s legislators must stop bills that erode our privacy and we will not stop fighting for strong privacy legislation.</p>
<p>In coming weeks, we will work to pass <a href="https://www.eff.org/deeplinks/2019/04/californians-want-and-deserve-stronger-privacy-laws">S.B. 561</a>, which will improve the enforcement of the CCPA by ensuring that people can sue the companies that violate their privacy rights, and strengthening the powers of the California Attorney General.</p>
<p>Tech companies are saying that they support privacy yet still deploy their money and pressure to silence real privacy bills. We will not let them kill strong privacy bills in the dark.</p>
<p><em>Updated April 23, 2019 to add opposition letters.</em></p>
<p>Read our coalition letters opposing bills being heard in the Privacy Committee today that erode the CCPA:</p>
<p><a href="https://www.eff.org/document/ab-25-opposition-letter-april-2019">A.B. 25 - Oppose Unless Amended</a></p>
<p><a href="https://www.eff.org/document/ab-846-opposition-letter-april-2019">A.B. 846 - Oppose Unless Amended</a></p>
<p><a href="https://www.eff.org/document/ab-873-opposition-letter-april-2019">A.B. 873 - Oppose</a></p>
<p><a href="https://www.eff.org/document/ab-1564-opposition-letter-april-2019">A.B. 1564 - Oppose</a></p>
</div></div></div>
[EFF] California's Assembly Will Consider Only Industry Bills
2019-04-23T04:31:56Z
Hayley Tsukayama
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>We are disappointed the California Assembly Privacy and Consumer Protection Committee will not hear <a href="https://www.eff.org/ja/node/100327">A.B. 1760</a>, which would have substantially strengthened the California Consumer Privacy Act.</p>
<p>Tomorrow, the Privacy Committee will instead vote on several bills backed by Big Tech interests that will erode the CCPA and the promises this law made to give all Californians the privacy rights they want and deserve. California’s legislators must stop bills that erode our privacy and we will not stop fighting for strong privacy legislation.</p>
<p>In coming weeks, we will work to pass <a href="https://www.eff.org/deeplinks/2019/04/californians-want-and-deserve-stronger-privacy-laws">S.B. 561</a>, which will improve the enforcement of the CCPA by ensuring that people can sue the companies that violate their privacy rights, and strengthening the powers of the California Attorney General.</p>
<p>Tech companies are saying that they support privacy yet still deploy their money and pressure to silence real privacy bills. We will not let them kill strong privacy bills in the dark.</p>
</div></div></div>
[EFF] Google's Sensorvault Can Tell Police Where You've Been
2019-04-19T00:53:40Z
Jennifer Lynch
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Do you know where you were five years ago? Did you have an Android phone at the time? It turns out Google might know—and it might be telling law enforcement.</span></p>
<p><span>In a new </span><a href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html"><span>article</span></a><span>, the <em>New York Times</em> details a little-known technique increasingly used by law enforcement to figure out everyone who might have been within certain geographic areas during specific time periods in the past. The technique relies on detailed location data collected by Google from most Android devices as well as iPhones and iPads that have Google Maps and other apps installed. This data resides in a Google-maintained database called “Sensorvault,” and because Google stores this data indefinitely, Sensorvault “includes detailed location records involving at least hundreds of millions of devices worldwide and dating back nearly a decade.” </span></p>
<p><span>The data Google is turning over to law enforcement is so precise that one deputy police chief said it “shows the whole pattern of life.” It’s collected even when people aren’t making calls or using apps, which means it can be even more detailed than data generated by cell towers.</span></p>
<p class="pull-quote"><span>One deputy police chief said Google’s location data “shows the whole pattern of life.”</span></p>
<p><span>The location data comes from GPS signals, cellphone towers, nearby Wi-Fi devices and Bluetooth beacons. </span><a href="https://www.nytimes.com/2019/04/13/technology/google-sensorvault-location-tracking.html"><span>According to Google</span></a><span>, users opt in to collection of the location data stored in Sensorvault. However, Google makes it very hard to resist opting in, and many users may not understand that they have done so. Also, Android devices collect lots of other location data by default, and it’s extremely difficult to </span><a href="https://www.apnews.com/828aefab64d4411bac257a07c1af0ecb"><span>opt out of that collection</span></a><span>. </span></p>
<p><span>Using a single warrant—often called a “geo-fence” or “reverse location” warrant—police are able to access location data from dozens to hundreds of devices—devices that are linked to real people, many of whom (and perhaps in some cases all of whom) have no tie to criminal activity and have provided no reason for suspicion. The warrants cover geographic areas ranging from single buildings to multiple blocks, and time periods ranging from a few hours to a week.</span></p>
<p><span>So far, according to the </span><i><span>Times</span></i><span> and other outlets, this technique is being used by the </span><a href="https://www.forbes.com/sites/thomasbrewster/2018/08/15/to-catch-a-robber-the-fbi-attempted-an-unprecendeted-grab-for-google-location-data/#728f5ce0741d"><span>FBI</span></a><span> and police departments in Arizona, </span><a href="https://slate.com/technology/2019/02/reverse-location-search-warrants-google-police.html"><span>North Carolina</span></a><span>, California, </span><a href="https://int.nyt.com/data/documenthelper/764-fdlelocationsearch/d448fe5dbad9f5720cd3/optimized/full.pdf#page=1"><span>Florida</span></a><span>, </span><a href="https://www.mprnews.org/story/2019/02/07/google-location-police-search-warrants"><span>Minnesota</span></a><span>, </span><a href="https://www.forbes.com/sites/thomasbrewster/2018/10/23/feds-are-ordering-google-to-hand-over-a-load-of-innocent-peoples-locations/#2d3f3c805a0d"><span>Maine</span></a><span>, and Washington, although there may be other agencies using it across the country. But police aren’t limiting the use of the technique to egregious or violent crimes—</span><a href="https://www.mprnews.org/story/2019/02/07/google-location-police-search-warrants"><span>Minnesota Public Radio</span></a><span> reported the technique has been used to try to identify suspects who stole a pickup truck and, separately, $650 worth of tires. Google is getting up to 180 requests a week for data and is, apparently, struggling to keep up with the demand.</span></p>
<p><span>Law enforcement appears to be seeking warrants to access this extremely detailed location data. However, it’s questionable whether the affidavits supporting those warrants truly establish probable cause and also questionable whether judges fully understand what they’re authorizing when issuing these warrants. </span></p>
<p><span>According to the </span><i><span>Times</span></i><span>, the warrants frequently rely on an officer’s assertion that the fact that “Americans owned cellphones and that Google held location data on many of these phones” somehow supports probable cause for the warrant. The warrants also list GPS coordinates that supposedly “geo-fence” the geographic area for which they are requesting data, but many don’t include a map showing the area itself. </span><a href="https://int.nyt.com/data/documenthelper/764-fdlelocationsearch/d448fe5dbad9f5720cd3/optimized/full.pdf#page=1"><span>Without a visual representation</span></a><span>, there’s almost no way to tell how large or small the geographic area covered by the warrant is. </span></p>
<p><span>Law enforcement seems to be using a three-step process to learn the names of device holders (in some cases, a single warrant authorizes all three steps). In the first step, the officer specifies the area and time period of interest, and in response, Google gives the police information on all the devices that were there, identified by anonymous numbers—this step may reveal hundreds of devices. </span></p>
<p><span>After that, officers can narrow the scope of their request to fewer devices, and Google will release even more detailed data, including data on where devices traveled </span><i><span>outside</span></i><span> the original requested area and time period. This data, which still involves multiple devices, reveals detailed travel patterns. In the final step, detectives review that travel data to see if any devices appear relevant to the crime, and they ask for the users’ names and other information for specific individual devices.</span></p>
<p><span>This technique is problematic for several reasons. First, unlike other methods of investigation used by the police, the police don’t start with an actual suspect or even a target device—they work backward from a location and time to identify a suspect. This makes it a fishing expedition—the very kind of search that the Fourth Amendment was intended to prevent. Searches like these—where the only information the police have is that a crime has occured—are much more likely to implicate innocent people who just happen to be in the wrong place at the wrong time. Every device owner in the area during the time at issue becomes a suspect—for no other reason than that they own a device that shares location information with Google. </span></p>
<p><span>Second, as the Supreme Court recognized in </span><a href="https://www.eff.org/deeplinks/2018/06/victory-supreme-court-says-fourth-amendment-applies-cell-phone-tracking"><i><span>Carpenter v United States</span></i></a><span> last summer, detailed travel data like this can provide “an intimate window into a person's life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’” This is exactly what the deputy police chief recognized when he said Google location data “shows the whole pattern of life.”</span></p>
<p><span>Third, there’s a high probability the true perpetrator isn’t even included in the data disclosed by Google. For these kinds of warrants, officers are just operating off a hunch that the unknown suspect had a cellphone that generated location data collected by Google. This shouldn’t be enough to support probable cause, because it’s just as likely that the suspect wasn’t carrying an Android phone or using Google apps at the time.</span></p>
<p><span>Techniques like this also reveal big problems with our current warrant system. Even though the standard for getting a warrant is higher than other legal procedures—and EFF pushes for a warrant requirement for digital data and devices—warrants, alone, are no longer enough to protect our privacy. Through a single warrant the police can access exponentially more and more detailed information about us than they ever could in the past. Here, the police are using a single warrant to get access to location information for hundreds of devices. In other contexts, through a single warrant, officers can access all the data on a cell phone or a hard drive; all email stored in a Google account (possibly going back years); and all information linked to a social media account (including photos, posts, private communications, and contacts). </span></p>
<p><span>We shouldn’t allow the government to have such broad access to our digital lives. One way we could limit access is by passing legislation that mandates heightened standards, minimization procedures, and particularity requirements for digital searches. We already have this in laws that regulate </span><a href="https://www.law.cornell.edu/uscode/text/18/2518"><span>wiretaps</span></a><span>, where police, in addition to demonstrating probable cause, must state that they have first tried other investigative procedures (or state why other procedures wouldn’t work) and also describe how the wiretap will be limited in scope and time. </span></p>
<p><span>The Fourth Amendment itself also supports limits on the scope of individual warrants. It states that warrants must “particularly describ[e] the place to be searched, and the persons or things to be seized.” However, many courts merely rubber stamp warrant requests without questioning the broad scope of the request.</span></p>
<p><span>As the </span><i><span>Times </span></i><span>article notes, this technique implicates innocent people and has a real impact on people’s lives. Even if you are later able to clear your name, if you spend any time at all in police custody, this could cost you your job, your car, and your ability to get back on your feet after the arrest. One man profiled in the </span><i><span>Times</span></i><span> article spent nearly a week in police custody and was having trouble recovering, even months after the arrest. He was arrested at work and subsequently lost his job. Due to the arrest, his car was impounded for investigation and later repossessed. These are the kinds of far-reaching consequences that can result from overly broad searches, so courts should subject geo-location warrants to far more scrutiny.</span></p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/carpenter-v-united-states">Carpenter v. United States</a></div></div></div>
[EFF] California Attorney General Must Investigate Improper Database Searches on Community Observers at Controversial Police Event
2019-04-18T22:33:29Z
Tracy Rosenberg
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><em>This is a guest post by Tracy Rosenberg, executive director of Media Alliance. It was originally published on the <a href="https://media-alliance.org/using-criminal-databases-on-observers-urban-shield-and-clets/">Media Alliance website</a>. </em></p>
<p><span>For the last two years (2017 and 2018) of the Urban Shield weapons expo and SWAT drill in Alameda County, I was a community observer. I went as a citizen to see how my tax dollars were being spent, and as an activist/journalist so I could </span><a href="https://medium.com/@tracyrosenberg/notes-from-the-last-urban-shield-as-we-know-it-67bfeaaeeaba">describe</a><span> the event to others and to </span><a href="http://www.ktvu.com/news/what-exactly-is-urban-shield-preparing-law-enforcement-for">the media</a><span>. What I didn’t know is that in exchange the Alameda County Sheriff would access my driving record, parking tickets and legal history through CLETS, the <a href="https://www.eff.org/tags/clets">California Law Enforcement Telecommunications System</a>.</span></p>
<p><span>Urban Shield, as a Homeland Security-funded regional training exercise for SWAT, Fire and Emergency Services, was not open to the public, although some volunteers were solicited to role-play victims and perpetrators in the counterterrorism scenarios. So the great battle that sprung up around the event starting in 2013 with <a href="https://www.warresisters.org/we-pushed-urban-shield-out-oakland-struggle-continues">protests in Oakland dislodging the weapons expo from the Downtown Marriot</a>, <a href="https://www.motherjones.com/crime-justice/2014/09/video-highlights-oaklands-urbanshield-conference/">reporters getting thrown out of the event</a>, <a href="https://sanfrancisco.cbslocal.com/2016/09/09/protesters-gather-at-police-urban-shield-exercises/">civil disobedience outside the gates</a>, and finally <a href="https://www.nbcbayarea.com/news/local/Berkeley-Leaders-Decision-to-Stay-With-Urban-Shield-Triggers-Backlash-429953063.html">bloodied heads at a Berkeley City Council meeting debating the city’s possible withdrawal from the event</a>, was largely waged by people who had never seen the event, but knew that militaristic training of local law enforcement wasn’t helping the growing problems with excessive use of force and the deaths of unarmed people.</span></p>
<p>When Alameda County finally got serious about debating whether the Urban Shield exercise should continue, a county task force was set up, and that task force set about gathering data, including organizing delegations of outside observers. I was a member of both of those delegations, a large one in 2017 and a smaller one in 2018. As a community observer, I was asked to register and fill out a form to produce a little badge on a rope with my name. The form included in small letters, a disclaimer that a background check would be performed.</p>
<p>I am a privacy advocate, so a) I noticed and b) I felt uncomfortable. In practical terms, during both of my observation periods, I was surrounded by battalions of armed officers at all times, rarely less than 2 feet from me at any given moment. During my guided tour of the SWAT practices, I was escorted by armed sheriff personnel and driven about in a sheriff SUV, much as the KGB-guided tours of the Kremlin during the days of the Soviet Union were described to me as a child. While neither I, nor my fellow observers who included attorneys, medical doctors, and religious leaders, were criminals, the slightest untoward action would have resulted in being immediately blown to smithereens.</p>
<p>In a memo to CLETS subscribing entities sent in April 2018, the Department of Justice reminded law enforcement agencies that CLETS was not to be used to query individuals in the media and the Automated Criminal History System (ACHS) was not to be used for licensing, employment, or certification purposes.</p>
<p>On April 12, Media Alliance and the Electronic Frontier Foundation filed a request for investigation into possible misuse of the CLETS database and a request that the agency cease all similar background checks on journalists and advocates engaged in oversight roles.</p>
<p><a href="https://www.eff.org/document/eff-and-media-alliance-letter-cadoj-regarding-background-searches-clets">Read the letter from EFF and Media Alliance to the California Department of Justice. </a></p>
<p><span>In our inquiry, we added: “Community trust in law enforcement relies on transparency and respect for the watchdog roles of civil society and the news media. Accessing the sensitive data of these observers via CLETS discourages members of the community from participating in oversight activities.”</span></p>
</div></div></div>
[EFF] Californians Want and Deserve Stronger Privacy Laws
2019-04-18T18:51:42Z
Hayley Tsukayama
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>California <a href="https://www.eff.org/deeplinks/2018/08/how-improve-california-consumer-privacy-act-2018">made strides to protect privacy</a> last year with the California Consumer Privacy Act (CCPA). This year, we want to make sure that the state has tools necessary to make sure it can enforce that law, and that everyone will be able to stand up for their own privacy without fear of discrimination.</p>
<p>That is why we are supporting both <a href="https://www.eff.org/deeplinks/2019/02/its-time-california-guarantee-privacy-all">A.B. 1760</a> and <a href="https://www.eff.org/fr/deeplinks/2019/04/californias-attorney-general-wants-empower-people-protect-their-privacy-sacramento">S.B. 561:</a> two essential bills to provide Californians with the privacy protection they want and deserve. We stand fully behind these bills and their authors, Assemblymember Buffy Wicks and Senator Hannah-Beth Jackson.</p>
<p>Wicks’ bill, <a href="http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB1760">A.B. 1760</a>, would give California consumers the knowledge and protection to defend their privacy rights. It makes sure that they can learn which companies have received their personal information through a sale or other form of sharing. The bill also requires that all companies that share data, as well as those that sell it, get the consumer’s opt-in consent to do so.</p>
<p>This law helps people become aware of the myriad ways personal information is shared in the modern digital world. And it ensures that companies cannot punish people for exercising their right to privacy, by imposing a higher price or inferior service. No one should ever be punished for protecting their privacy, and privacy should not be a premium feature for those who can afford it.</p>
<p>Privacy legislation like A.B. 1760 has <a href="https://www.aclunc.org/news/california-voters-overwhelmingly-support-stronger-consumer-privacy-protections-new-data-shows">overwhelming public support</a>. Recent polling from the <a href="http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200SB561">American Civil Liberties Union</a> found that 94 percent of Californians, across all demographics, want legislation with the protections A.B. 1760 provides.</p>
<p>We thank Assemblymember Wicks for her leadership in continuing to defend her bill, and standing up for Californians and their privacy, even in the face of heavy pushback from the technology industry. Ahead of A.B. 1760’s April 23 hearing before the Privacy Committee, however, the bill has had to undergo amendments. This included removing the private right of action—a right that <a href="https://www.eff.org/fr/deeplinks/2019/04/californias-attorney-general-wants-empower-people-protect-their-privacy-sacramento">94 percent of Californians</a> agree they should have.</p>
<p>That’s where <a href="http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200SB561">S.B. 561</a> steps in. Sen. Jackson’s bill provides tools for the Attorney General’s Office to enforce the CCPA and hold companies accountable for their actions, and grants every person the right to take companies to court for violating their privacy rights. As EFF has said many times, the <a href="https://www.eff.org/deeplinks/2019/01/you-should-have-right-sue-companies-violate-your-privacy">best way to hold companies accountable</a> is to empower ordinary consumers to bring their own lawsuits against the companies that violate their privacy rights.</p>
<p>Sen. Jackson showed remarkable leadership by <a href="https://www.eff.org/deeplinks/2019/04/californias-attorney-general-wants-empower-people-protect-their-privacy-sacramento">standing firm against critics</a> to pass her bill out of a key committee, underscoring her commitment to giving the Attorney General and the people of California these crucial tools.</p>
<p>We support these complementary bills to give Californians the rights and power needed to stand up for their own privacy. Tell your lawmakers that it’s time for them to stand up for your privacy, too.</p>
<p class="take-action"><a href="https://action.eff.org/o/9042/p/dia/action4/common/public/?action_KEY=10915">Take Action</a></p>
<p class="take-explainer"><a href="https://action.eff.org/o/9042/p/dia/action4/common/public/?action_KEY=10915">Tell Lawmakers to Protect Your privacy</a></p>
</div></div></div>
[EFF] The Ecuadorean Authorities Have No Reason to Detain Free Software Developer Ola Bini
2019-04-17T05:39:38Z
Danny O'Brien
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Hours after the <a href="https://www.eff.org/deeplinks/2019/04/eff-statement-assange-indictment-and-arrest-f">ejection of Julian Assange</a> from the London Ecuadorean embassy last week, police officers in Ecuador <a href="https://gizmodo.com/ecuador-arrests-digital-privacy-activist-and-programmer-1833993784">detained the Swedish citizen and open source developer Ola Bini</a>. They seized him as he prepared to travel from his home in Quito to Japan, claiming that he was attempting to flee the country in the wake of Assange’s arrest. Bini had, in fact, booked the vacation long ago, and had publicly <a href="https://gizmodo.com/ecuador-arrests-digital-privacy-activist-and-programmer-1833993784">mentioned it on his twitter account</a> before Assange was arrested.</p>
<p>Ola’s detention was full of irregularities, as <a href="https://goatsing.wordpress.com/2019/04/13/press-release-on-the-detention-of-ola-bini-2/">documented by his lawyers</a>. His warrant was for a “Russian hacker” (Bini is neither); he was not read his rights, allowed to contact his lawyer nor offered a translator.</p>
<p>The charges against him, when they were finally made public, are tenuous. Ecuador’s general prosecutor has stated that Bini was accused of <a href="https://www.article19.org/resources/ecuador-arrest-of-ola-bini-prominent-swedish-software-developer/">“alleged participation in the crime of assault on the integrity of computer systems”</a> and attempts to destabilize the country. The “<a href="https://twitter.com/martinfowler/status/1117866298002640896">evidence</a>” seized from Ola’s home that Ecuadorean police showed journalists to demonstrate his guilt was nothing more than a pile of USB drives, hard drives, two-factor authentication keys, and technical manuals: all familiar property for anyone working in his field.</p>
<p>Ola is a free software developer, who worked to improve the security and privacy of the Internet for all its users. He has worked on several key open source projects, including JRuby, several Ruby libraries, as well as multiple implementations of the secure and open communication protocol OTR. Ola’s team at ThoughtWorks contributed to Certbot, the EFF-managed tool that has provided strong encryption for millions of websites around the world.</p>
<p>Like many people working on the many distributed projects defending the Internet, Ola has no need to work from a particular location. He traveled the world, but chose to settle in Ecuador because of his love of that country and of South America in general. At the time of his arrest, he was putting down roots in his new home, including co-founding <a href="https://autonomia.digital/">Centro de Autonomia Digital</a>, a non-profit devoted to creating user-friendly security tools, based out of Ecuador’s capital, Quito.</p>
<p>One might expect the Ecuadorean administration to hold up Bini as an example of the high-tech promise of the country, and use his expertise to assist the new administration in securing their infrastructure — just as his own European Union made use of Ola’s expertise when developing its government-funded <a href="https://decodeproject.eu/">DECODE privacy</a> project.</p>
<p>Instead, Ecuador’s leadership has targeted him for arrest as a part of wider political process to distance itself from WikiLeaks. They have incorporated Ola into a media story that claims he was part of a gang of Russian hackers who planned to destabilize the country in retaliation for Julian Assange’s ejection.</p>
<p>At EFF, we are familiar with overzealous prosecutors attempting to implicate innocent coders by portraying them as dangerous cyber-masterminds, as well as demonizing the tools and lifestyle of coders that work to defend the security of critical infrastructure, not undermine it. These cases are indicative of an inappropriate tech panic, and their claims are rarely borne out by the facts.</p>
<p>As expressed by the many technologists supporting Ola Bini in <a href="https://freeolabini.org/en/statement/">our statement of solidarity</a>, Ecuador should drop all charges against him, and allow Ola to return home to his family and friends. Ecuador’s leaders undermine their country’s reputation abroad and the independence of its judicial system by this fanciful and unfounded prosecution.</p>
</div></div></div>
[EFF] How Landmark Technology’s Terrible Patent Has Survived
2019-04-17T01:06:09Z
Joe Mullin
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><h3>Stupid Patent of the Month</h3>
<p>There’s an increasing insistence from the highest echelons of the patent world that patent abuse just isn’t a thing anymore. The Director of the U.S. Patent Office, Andre Iancu, has <a href="https://www.eff.org/deeplinks/2019/02/uspto-director-iancu-patent-trolls-arent-just-monster-stories">called</a> patent trolls—a term for companies that do nothing but collect patents and sue others—mere “monster stories,” and suggested in a recent oversight hearing that it was simply name-calling. </p>
<p>But whatever you call them—trolls, non-practicing entities, or patent assertion entities—their business model, which involves stockpiling patents to sue productive companies rather than making goods or services, continues to thrive. It’s not hard to find examples of abusive patent litigation that make clear the threat posed by wrongly-issued patents is very real.</p>
<p>Take, for instance, the patents that Lawrence Lockwood owns. These patents have been used to sue companies, large and small, for nearly 20 years now. Through his company Landmark Technologies and his earlier company PanIP, more than 100 lawsuits have been filed against businesses—<a href="https://www.debrand.com/aboutus/meet-our-founder/">candy companies</a>, an <a href="https://www.learningresources.com/">educational toy maker</a>, and an <a href="https://www.capitalpress.com/ag_sectors/organic/farm-victim-of-patent-troll-lawsuit/article_08adb1cd-2683-51ac-8e9e-2d87e14013cb.html">organic farm</a>, to name a few. Because these companies engage in “sales and distribution via electronic transactions,” or use an automated system “for processing business and financial transactions,” Landmark says they infringe one of its patents.</p>
<p>Those lawsuits don’t account for the other companies that have received licensing demands, but have not been sued in court. The numerous threats made with Lockwood’s patents are made clear both by news accounts of <a href="https://www.latimes.com/archives/la-xpm-2003-feb-08-fi-patent8-story.html">Lockwood’s activity</a>, as well as the several small business owners that have reached out to EFF after being targeted by Lockwood’s patents. </p>
<p>Patent Office records show Lockwood first applied for a patent in 1984, but his litigation ramped up after he acquired U.S. Patent No. <a href="https://patents.google.com/patent/US6289319B1/en">6,289,319</a> back in September 2001. The document describes an “automatic business and financial transaction processing system,” which Lockwood has interpreted to give him rights to demand licensing fees from just about any web-based business. Upon receiving that patent, Lockwood promptly sent 100 letters to various e-commerce businesses, demanding $10,000 apiece. When that didn’t work, he started filing lawsuits.</p>
<p>For more than 15 years now, some companies have been <a href="https://www.latimes.com/archives/la-xpm-2003-feb-08-fi-patent8-story.html">paying thousands of dollars</a> to license Lockwood’s patents rather than pay the legal fees required to defend themselves. Hiring attorneys to fight the patents would have cost far more, and Lockwood was keenly aware of this leverage.</p>
<p>“Do they really want to spend $1 million and two years of their life to invalidate a patent they can license for a couple thousand dollars?” Lockwood said in 2003, <a href="https://www.latimes.com/archives/la-xpm-2003-feb-08-fi-patent8-story.html">speaking to a Los Angeles Times reporter</a> about his lawsuits. “People get divorced over this stuff. They have strokes over this.”</p>
<p>Sixteen years and more than 100 lawsuits later, stress and the expenses continue to mount for Lockwood’s targets. Through Landmark, Lockwood continues to demand money from businesses that provide basic e-commerce, although his price has gone up. Companies targeted by Landmark Technology patents in recent years have shown demand letters [<a href="https://www.eff.org/document/landmark-demand-letter-1">PDF</a>, <a href="https://www.eff.org/document/landmark-v-azure-wasco-county-letter">PDF</a>] indicating the company now demands around $65,000 to avoid a lawsuit. </p>
<p>Not a single court has ever weighed in on the merits of Lockwood’s patent claim, according to court papers [<a href="https://www.eff.org/document/pugs-v-landmark-technology-complaint">PDF</a>] filed in 2017 by one of his targets. </p>
<p>Despite some court rulings that have helped cut back patent trolling over the years, nothing has slowed down Lockwood’s broad assault on Internet commerce. This year, through a newly created company called “Landmark Technology A,” Lockwood’s patent no. <a href="https://patents.google.com/patent/US7010508B1/en">7,010,508</a>—related to the ‘319 patent that came before it—has been used to sue two more companies: a <a href="https://www.specialtybottle.com/about-us/">specialty bottle-maker</a> in south Seattle, and <a href="https://www.ussafetygear.com/">an Ohio company that sells safety equipment</a>. </p>
<p>Based on Landmark’s history, it’s unlikely these two lawsuits will be the last. </p>
<h3><strong>Continuations and Consequences</strong></h3>
<p>How did this happen, and how does it continue? Lockwood applied for his first solely-owned patent in 1984, getting it two years later. It describes a network of “information and sales terminals” that could “dispens[e] voice and video information, printed documents, and goods,” accepting credit card payments. There’s no evidence Lockwood developed any such network or even had the ability to do so. In fact, Lockwood, a former travel agent, <a href="https://www.latimes.com/archives/la-xpm-2003-feb-08-fi-patent8-story.html">reportedly admitted during a deposition</a> that he had never used a personal computer “for any length of time,” according to <a href="https://www.latimes.com/archives/la-xpm-2003-feb-08-fi-patent8-story.html">the 2003 Los Angeles Times profile</a>. </p>
<p>In the mid-90s, Lockwood sued American Airlines for patent infringement, seeking to collect royalties on its SABRE flight reservation system, which he claimed infringed three of his patents. He lost that case when, in 1997, <a href="https://caselaw.findlaw.com/us-federal-circuit/1229605.html">an appeals court agreed</a> with the district court that his patent claims were not infringed and were invalid.</p>
<p>That wasn’t the end of Lockwood’s efforts to make money through patent litigation, though. He continued to get more patents, acquiring Patent No. <a href="https://patents.google.com/patent/US6289319">6,289,319</a> in 2001, and <a href="http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&p=1&u=/netahtml/PTO/srchnum.html&r=1&f=G&l=50&d=PALL&s1=7010508.PN.">7,010,508</a> in 2006. Both patents have been used in more than 85 lawsuits, according to the LexMachina legal database. He was able to get those patents despite the fact that they were based on a patent that had been found invalid. Even better for Lockwood, he was allowed to use the “priority date” of the earlier patent. That means the only prior art that could be used to invalidate the patent would have to be from earlier than that priority date—May 24, 1984. </p>
<p>Led by a family-owned chocolate shop, a group of small businesses banded together to share legal costs and fight Lockwood’s PanIP. When they put up a website about PanIP’s abuse of the system, Lockwood sued the owner of the chocolate shop for defamation and trademark infringement.</p>
<p>The ‘319 patent, which is richly deserving of our “Stupid Patent of the Month” award, was issued because of a problem we’ve spoken about before—abuse of the continuation process.</p>
<p>The Patent Office allows applicants to file “continuation” applications with new claims, as long as they’re based on what was disclosed in previously-filed applications. This creates opportunities for applicants to game the system and get patents on advances they could not have developed. For example, even though Lockwood applied for the ‘319 patent in 1994, it’s a continuation of the original 1984 application—which means that only prior art from 1984 or earlier can be used to invalidate it. </p>
<p>Landmark’s complaints demand money from operating businesses, claiming that because their systems process “business and financial transactions between entities from remote sites,” they infringe the ‘319 patent. Their recent complaint [<a href="https://www.eff.org/document/landmark-technology-v-learning-resources-complaint">PDF</a>] against Illinois-based Learning Resources, Inc. includes a claim chart [<a href="https://www.eff.org/document/landmark-technology-v-learning-resources-claim-chart">PDF</a>] explaining the alleged infringement, which is a 42-page detailed chart that describes using a computer to order a toy on the defendant’s website. </p>
<p>That chart makes clear that Landmark’s patent doesn’t claim any particular technological advance—just the basic idea of transmitting data between networked computer terminals. </p>
<p>This patent should be invalid under Section 101 of the patent laws for failing to claim an actual invention. At best, it describes basic computer technology—like an “on-line means for transmitting said information, inquiries, and orders”— to exchange information, and respond to orders. That is a ubiquitous and essential part of e-commerce, not a patent-eligible invention.</p>
<p>Right now, lobbyists are pushing for a wholesale re-write of Section 101, which is the best chance of stopping patents like this one early enough in a case to avoid spending hundreds of thousands of dollars on lawyers and expert witnesses. Drastic alterations to Section 101 could leave targets of Landmark in an even worse position—in order to get out of a multi-million dollar lawsuit, they’ll have to find published, pre-1984 prior art describing the precise, nearly indefinable contours of Lockwood’s “invention,” and invest huge sums on prior art investigations as well as expert witness reports. </p>
<p>Before lawmakers distort Section 101 so that it’s nearly useless, they should consider campaigns like Landmark’s. It involves an “inventor” who’s long been focused on litigating patents, not creating new innovations—and who admits to leveraging the high cost of litigation defense against small businesses. Lowering the bar for patent-eligibility even further will do far more to threaten innovation than encourage it.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/abstract-patent-litigation">Abstract Patent Litigation</a></div></div></div>
[EFF] Julian Assange's Prosecution is about Much More Than Attempting to Hack a Password
2019-04-16T22:52:41Z
Cindy Cohn
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The recent arrest of Wikileaks editor Julian Assange surprised many by hinging on one charge: a <a href="https://www.eff.org/issues/cfaa">Computer Fraud and Abuse Act </a>(CFAA) charge for a single, unsuccessful attempt to reverse engineer a password. This <a href="https://thehill.com/opinion/criminal-justice/438709-pentagon-papers-lawyer-indictment-of-assange-snare-and-delusion">might not be</a> the only charge Assange ultimately faces. The government can add more before the extradition decision and possibly even after that if it gets a waiver from the UK or otherwise. Yet some have claimed that as the indictment sits now, the single CFAA charge is a sign that the government is not aiming at journalists. We disagree. This case seems to be a clear attempt to punish Assange for publishing information that the government did not want published, and not merely arising from a single failed attempt at cracking a password. And having watched CFAA criminal prosecutions for many years, we think that neither journalists nor the rest of us should be breathing a sigh of relief. </p>
<p>The CFAA grants broad discretion to prosecutors and has been used to threaten, prosecute, and civilly sue security researchers, competitors, and disloyal employees, among others. It has notoriously severe penalties, <a href="https://www.wired.com/2016/04/journalist-matthew-keys-sentenced-two-years-aiding-anonymous/">often applied </a>out of all proportion to the offense. Here the government says the single charge of attempted, apparently unsuccessful assistance in password cracking can carry five years in prison, although under the sentencing guidelines the actual sentence would likely be lower. Remember, there is no parole in the federal judicial system. </p>
<p class="pull-quote"><span>We do not believe this will be the last time we see the CFAA used to prosecute efforts central to journalism. </span></p>
<p>While we can all agree that we need some method for prosecuting malicious computer crimes, the lack of clear limits and exceptions, combined with draconian penalties, make the CFAA a powerful hammer that prosecutors can use against those who act against the wishes of a computer owner. That’s an especially broad reach in this age of networked computers. As the tragic prosecution of our friend <a href="https://www.eff.org/deeplinks/2013/01/farewell-aaron-swartz">Aaron Swartz</a> for downloading scientific articles demonstrated, this also isn’t the first time that the CFAA has been used to bludgeon people for trying to inform the public.</p>
<p>Since journalists often work to provide us with information that the powerful do not want us to see, we do not believe this will be the last time we see the CFAA used to prosecute efforts central to journalism. </p>
<p>Of course, breaking into computers and cracking passwords in many contexts is rightly illegal. When analyzing the worst abuses of the CFAA, EFF has argued that the statute should only be applied to serious attempts to circumvent technological access barriers, including passwords. But even if the government has made a sufficient claim of a 'legitimate' CFAA violation here, it still must prove every element beyond a reasonable doubt, and it should do so without relying on irrelevant arguments about whether Wikileaks was truly engaged in journalism.</p>
<p>Whistleblower Chelsea Manning was charged in 2010 for <a href="https://www.eff.org/deeplinks/2013/07/manning-verdict-and-hacker-madness-prosecution-strategy">her role</a> in the release of approximately 700,000 military war and diplomatic records to WikiLeaks, which created front page news stories around the world and spurred significant reforms. The disclosure of classified Iraq war documents exposed human rights abuses and corruption the government had kept hidden from the public. While the disclosures riveted the globe, they also angered, embarrassed, and inconvenienced many, including the U.S. Departments of Defense and State, although no injuries or deaths were ever demonstrated as a result.</p>
<p>The Assange indictment, in contrast, arises from conversations the two had about an apparently unsuccessful attempt to access other classified documents. Here's why it seems clear to us that the government’s charge of an attempted conspiracy to violate the CFAA is being used as a thin cover for attacking the journalism. </p>
<p>First, the government spends much of the indictment referencing regular journalistic techniques that are irrelevant to the CFAA claim. The indictment includes the actual elements of the CFAA claim in paragraph 15. Here’s an attempt to translate it in plain English: pursuant to an agreement aimed at giving Assange access to secret government information, Manning gave Assange a scrambled portion of a password that would allow Manning to log into a computer in a way that would hide her identity from the government. Assange’s only alleged illegal act was trying to unscramble a portion of that password.</p>
<p>If the government wasn’t aiming further, it could have stopped there. But it didn’t. Instead it included descriptions of normal journalistic practices in the modern age: using a secure chat service, using cloud services to transfer files, removing usernames, and deleting logs to protect the source’s identity. The government includes in the indictment a cryptic comment by Assange: “curious eyes never run dry in my experience,” which it characterizes as “encouraging” violations of the law. The government’s inclusion of these facts, as well as its reference to the Espionage Act, is a strong signal that it believes these other actions should also be viewed as part of a crime. </p>
<p>On top of that, as they have since the 1990s when they want to feed the “<a href="https://www.eff.org/deeplinks/2013/07/manning-verdict-and-hacker-madness-prosecution-strategy">hacker madness</a>” narrative, the prosecutors added unnecessary computer allegations to the indictment. The indictment mentions Manning’s use of the Linux operating system, darkly described as “special software . . . to access the computer file” that contained the password. It describes the use of a secure online chat service called Jabber. It even includes the fact that Manning used a “special folder” in Wikileaks’ cloud-based file transfer system. These facts are completely irrelevant to the single CFAA claim, but they, along with the Justice Department’s press release headline trumpeting Assange’s “hacking,” appear aimed at linking and even equating journalism and use of normal technical tools with the underlying crime. </p>
<p>Second, <a href="https://ktvl.com/news/nation-world/trump-discuss-strong-march-jobs-report-and-arrest-of-wikileaks-assange">President Trump</a> himself has blurred the distinction between what Wikileaks is accused of here and mainstream journalism. In an interview just after the arrest, Trump received a lot of scorn for saying that <a href="https://www.usatoday.com/story/news/politics/2019/04/11/donald-trump-no-comment-julian-assange-says-wikileaks-not-my-thing/3434792002/">he did not know</a> much about Wikileaks, <a href="https://www.usatoday.com/story/news/politics/onpolitics/2017/03/08/donald-trump-wikileaks/98895998/">an obvious lie.</a> But <a href="https://cbsaustin.com/news/nation-world/trump-discuss-strong-march-jobs-report-and-arrest-of-wikileaks-assange">what he said</a> next should also be raising concerns about Trump’s view of the legality of normal journalistic practices: “I guess the concept is perhaps [Assange] is a reporter type and, you know, The New York Times is doing the same thing maybe and The Washington Post maybe the same thing." Trump has made no secret of his hatred for these outlets and desire to create more liability for journalists revealing facts and news he doesn’t like to the public. His words here should give journalists pause.</p>
<p>Third, legally speaking, the claim in the indictment itself seems very small. The underlying act Assange is accused of—a single failed attempt to figure out a password—was not even important enough to be included in the formal CFAA charges leveled against Manning, even though it was <a href="http://www.documentcloud.org/documents/886185-pe-123.html#document/p8">known to the prosecutors</a> and <a href="https://www.wired.com/2013/12/wikileaks-assange-manning/">reported about</a> long ago. The government made its CFAA case against Manning on her separate use of an “unauthorized” program (Wget) to actually access other materials she provided to Wikileaks, in violation of the government’s terms of use. For separate reasons, this <a href="https://www.eff.org/deeplinks/2013/07/manning-verdict-and-hacker-madness-prosecution-strategy">was not a legitimate use</a> of the CFAA, as EFF argued in its amicus brief in support of Manning. The misapplication of the CFAA to Manning is actually still pending in the appeal of Manning’s case, <a href="https://www.eff.org/deeplinks/2018/08/chelsea-manning-continues-fight-against-unfair-hacking-charge">which continues</a> despite the commutation of her sentence.</p>
<p>In the prosecutors’ desperation to find something, anything, to charge Assange, the U.S. government had to reach beyond the acts it used to court-martial Manning into something that apparently didn’t happen. While attempted violations of the CFAA are illegal, as with many other crimes, it’s still a remarkably small potatoes violation—with no apparent harm. It’s difficult to imagine that any U.S. Attorneys’ office would even investigate, much less impanel a grand jury and demand extradition for an attempted, unsuccessful effort to unscramble a single password if it wasn’t being done to punish the later publication of other materials.</p>
<p>From where we sit this prosecution feels sadly familiar. Just a few years ago this same statute was used by federal prosecutors to find something, anything, they could use to charge our friend Aaron Swartz. Swartz angered the government, first by downloading a bunch of judicial documents from the Pacer system and later, by downloading scientific journal articles from JSTOR. The government then continued the JSTOR prosecution even when JSTOR, the alleged victim, asked them to stop. Facing the CFAA’s draconian penalties, Swartz took his own life.</p>
<p>From these and other CFAA prosecutions we’ve tracked over at least the past 20 years, it’s nearly impossible to weigh the relatively narrow charge used to arrest Assange without considering the nearly decade-long effort by the U.S. government to find a way to punish Wikileaks for publishing information vital to the public interest. Anyone concerned about press freedom should be concerned about this application of the CFAA. </p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/government-demands-twitter-records">Government demands Twitter records of Birgitta Jonsdottir</a></div></div></div>
[EFF] Media Alert: EFF Argues Against Forced Unlocking of Phone in Indiana Supreme Court
2019-04-16T20:17:15Z
Karen Gullo
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Justices to Consider Fifth Amendment Right Against Self-Incrimination</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Wabash, IN—At 10 a.m. on Thursday, April 18, the Electronic Frontier Foundation (EFF) will argue to the Indiana Supreme Court that police cannot force a criminal suspect to turn over a passcode or otherwise decrypt her cell phone. The case is <em>Katelin Seo v. State of Indiana.<br /><br /></em>The Fifth Amendment of the Constitution states that people cannot be forced to incriminate themselves, and it’s well settled that this privilege against self-incrimination covers compelled “testimonial” communications, including physical acts. However, courts have split over how to apply the Fifth Amendment to compelled decryption of encrypted devices.<br /><br />Along with the ACLU, EFF responded to an open invitation from the Indiana Supreme Court to <a href="https://www.eff.org/deeplinks/2019/02/highest-court-indiana-set-decide-if-you-can-be-forced-unlock-your-phone">file an amicus brief</a> in this important case. In Thursday’s hearing, EFF Senior Staff Attorney Andrew Crocker will explain that the forced unlocking of a device requires someone to disclose “<a href="https://supreme.justia.com/cases/federal/us/530/27/#tab-opinion-1960783">the contents of his own mind.”</a> That is analogous to written or oral testimony, and is therefore protected under the U.S. Constitution.<br /><br />Thursday’s hearing is in Indiana’s Wabash County to give the public an opportunity to observe the work of the court. Over 750 students are scheduled to attend the argument. It will also be <span><a href="http://mycourts.in.gov/arguments/default.aspx?&id=2328&view=detail">live-streamed</a></span>.<br /><br />WHAT:<br />Hearing in <em>Katelin Seo v. State of Indiana<br /><br /></em>WHO:<br />EFF Senior Staff Attorney Andrew Crocker<br /><br />WHEN:<br />April 18, 10 a.m.<br /><br />WHERE:<br />Ford Theater<br />Honeywell Center<br />275 W. Market Street<br />Wabash, Indiana 46992 <br /><br />For more information on attending the argument in Wabash:<br /><u><a href="https://www.in.gov/judiciary/supreme/2572.htm">https://www.in.gov/judiciary/supreme/2572.htm<br /><br /></a></u>For more on this case:<br /><u><a href="https://www.eff.org/deeplinks/2019/02/highest-court-indiana-set-decide-if-you-can-be-forced-unlock-your-phone">https://www.eff.org/deeplinks/2019/02/highest-court-indiana-set-decide-if-you-can-be-forced-unlock-your-phone</a></u></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact: </div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Andrew</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Crocker</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Senior Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:andrew@eff.org">andrew@eff.org</a></div></div></div> </div>
</div>
</div></div></div>
[EFF] Victory! Fairfax, Virginia Judge Finds That Local Police Use of ALPR Violates the State’s Data Act
2019-04-16T18:02:38Z
Nathan Sheard
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Thanks to a recent </span><a href="https://www.scribd.com/document/404043069/FxLPRruling0419#fullscreen&from_embed"><span>ruling</span></a><span> by Fairfax County Circuit Court Judge Robert J. Smith, drivers in Fairfax County, Virginia need not worry that local police are maintaining ALPR records of their travels for work, prayer, protest or play.</span></p>
<p><span> Earlier this month, Judge Smith ordered an injunction against the use of the license plate database, finding that the “passive” use of Fairfax County Police Department’s </span><a href="https://www.eff.org/deeplinks/2017/04/four-flavors-automated-license-plate-reader-technology"><span>Automated License Plate Reader (ALPR)</span></a><span> system violated Virginia’s </span><a href="http://dls.virginia.gov/commission/Materials/GDCDPA.pdf"><span>Government Data Collection and Dissemination Practices Act</span></a><span> (Data Act). This means that the Fairfax County Police will be required to purge its database of ALPR data that isn’t linked to a criminal investigation and stop using ALPRs to passively collect data on people who aren’t suspected of criminal activity. The ruling came in response to a </span><a href="https://acluva.org/sites/default/files/wp-content/uploads/2015/05/DOC003.pdf"><span>complaint</span></a><span> brought by the </span><a href="https://acluva.org/en/cases/neal-v-fairfax-county-police-department"><span>ACLU of Virginia</span></a><span> in support of Harris Neal, a local resident whose license plate had been recorded at least twice by the Fairfax police.</span></p>
<p><span>Judge Smith had previously dismissed the case. In a 2016 ruling, the court ruled that license plate numbers were not covered by the state law’s limits on government data collection, because alone, they did not identify a single individual. Virginia’s Supreme Court overturned that ruling. </span></p>
<p class="pull-quote"><span><span>Information collected using ALPR data is personally identifiable. </span><br /></span></p>
<p><a href="https://www.eff.org/document/neal-v-fairfax-county-eff-amicus-brief"><span>EFF and the Brennan Center for Justice</span></a><span> filed an amicus brief when the case came before the Supreme Court of the State of Virginia, holding that information collected using ALPR data is personally identifiable. Thus, the Data Act was applicable and required the Fairfax Police to purge plate information they collect using the system.</span></p>
<p><span>In its reversal, the Virginia Supreme Court found that the photographic and location data stored in the department’s database did meet the Data Act’s definition of ‘personal information,’ but sent the case back to the Circuit Court to determine whether the database met the Act’s definition of an “information system.” Judge Smith’s ruling affirms EFF’s view that the ALPR system does indeed provide a means through which a link to the identity of a vehicle's owner can be readily made.</span></p>
<p><span>Often mounted on police vehicles or attached to fixed structures like street lights and bridges, </span><a href="https://www.eff.org/deeplinks/2017/04/four-flavors-automated-license-plate-reader-technology"><span>ALPR systems</span></a><span> comprise high-speed cameras connected to computers that photograph every license plate that passes. The systems then log, associate, and store the time, date, and location a particular car was encountered. This allows police to identify and record the locations of vehicles in real-time and correlate where those vehicles have been in the past.</span></p>
<p class="pull-quote"><span><span>Some ALPR systems are capable of scanning up to 1,600 plates per minute, capturing the plate numbers of millions of innocent, law-abiding drivers.</span></span></p>
<p><span>Using this information, police are able to establish driving patterns for individual cars. Some ALPR systems are capable of scanning up to 1,600 plates per minute, capturing the plate numbers of millions of innocent, law-abiding drivers who aren’t under any kind of investigation and just living their daily lives.</span></p>
<p><span>The Fairfax County Police Chief says he </span><a href="https://www.washingtonpost.com/crime-law/2019/04/02/judge-orders-fairfax-police-stop-collecting-data-license-plate-readers/?noredirect=on&utm_term=.7bbb05ff0ee8"><span>has asked the county</span></a><span> attorney to appeal the ruling. However, based on the broad language in the Virginia Supreme Court's original opinion, we think it's unlikely the trial court's opinion would be overruled on appeal. Although the court's ruling technically only applies to the Fairfax County Police Department, all Virginia state police agencies using ALPR should take note: passive collection and use of ALPR data violates state law and must be stopped.</span></p>
</div></div></div>
[EFF] EFF’s Tweet About an Overzealous DMCA Takedown Is Now Subject to an Overzealous Takedown
2019-04-15T06:31:22Z
Katharine Trendacosta
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Update, 4/15/2019: EFF's <a href="https://twitter.com/eff/status/1116784423167336448">tweet has been restored</a>.</p>
<p>Get ready for a tale as good as anything you’d see on television. Here’s the sequence of events: the website TorrentFreak publishes an article about a leak of TV episodes, including shows from the network Starz. TorrentFreak tweets its article, Starz sends a copyright takedown notice. TorrentFreak writes about the takedown, including a comment from EFF. EFF tweets the article about the takedown and the original article. EFF’s tweet…gets hit with a takedown.</p>
<p>TorrentFreak’s original <a href="https://torrentfreak.com/promo-screeners-of-american-gods-and-other-tv-shows-leak-online-190408/">article</a> about leaked episodes of television does contain a few screenshots of some of the leaked episodes—enough to establish the veracity of the story. It does <em>not</em> contain links to download the episodes, a fact to keep in mind as this story goes on.</p>
<p>TorrentFreak then tweeted a link to its article, which did contain a thumbnail image, but not one that matches any of the screenshots in the article. An agency acting on behalf of Starz then used the Digital Millennium Copyright Act (DMCA) to have Twitter remove the tweet, alleging copyright infringement. The complaint TorrentFreak received says the article has “images of unreleased episodes” of the show <em>American Gods</em>. It also maintains that TorrentFreak supplies “information about their illegal availability.”</p>
<p>Here’s the thing: TorrentFreak reporting about an illegal event is not illegal. Reporting about copyright infringement is not infringement. The few thumbnails—including a <em>single </em>image from <em>American Gods</em>—act as proof of the story being reported and certainly don’t replace watching entire episodes of television. (If you don’t believe me, go look at a single screenshot from a show and figure out if it scratches the same itch as watching a whole hour of TV.) The screenshot also illustrated the watermarks in the leaked episode, which suggest that the leak came from a pre-release screener copy sent to TV critics, as the TorrentFreak article discusses.</p>
<p>Articles reporting on true events are textbook examples of fair use. Using the DMCA in this way is an attack on journalism and fair use. Which is what we would have said if asked.</p>
<p>Oh, wait. We were asked. TorrentFreak followed up its first <a href="https://torrentfreak.com/starz-doesnt-like-news-about-leaked-tv-shows-takes-down-torrentfreak-tweet-190411/">article with one about the takedown</a> it received. They reached out for comment, and, among other things, EFF Senior Staff Attorney Kit Walsh told TorrentFreak:</p>
<blockquote><p>Starz has no right to silence TorrentFreak’s news article or block links to it. The article reports that there are people on the Internet infringing copyright, but that is a far cry from being an infringement itself. The screenshots are important parts of the reporting that validate the facts being reported. Starz should withdraw its takedown and refrain from harassing journalists in the future.</p>
</blockquote>
<p>As is our wont, we <a href="https://twitter.com/eff/status/1116784423167336448">tweeted</a> out a link to TorrentFreak’s original article, with text nearly identical to Walsh’s statement to TorrentFreak. A few days later, we also received a takedown and our tweet was blocked. At this point, you may have noticed just how far removed we are from anything that remotely resembles copyright infringement.</p>
<p><img src="/files/2019/04/14/torrentfreaktweet_0.png" alt="" width="1254" height="638" /></p>
<p>The DMCA notice we received from Twitter was sent by Starz. In the field labeled “links to original work,” Starz wrote “n/a.” To reiterate: in the field about where the original work being infringed on can be located, the answer is “not applicable.” Under “Description of infringement,” it says, “Link to bootleg.” There’s no bootleg link in any of the articles or tweets.</p>
<p>Sending a DMCA complaint requires a sworn statement that the person sending the complaint actually believes it to be copyright infringement. Look at this sequence of events again and try to imagine sending a takedown for our tweet honestly believing it to be infringement.</p>
<p>The DMCA process allows us to send a counterclaim, explaining that the tweet is not infringement and directing Twitter to restore the tweet, barring a copyright infringement lawsuit being filed by Starz. We have done so.</p>
<p>DMCA claims can be intimidating, especially to people who don’t know the ins and outs of the process. Fortunately, EFF is an organization that <em>definitely</em> <a href="https://www.eff.org/issues/dmca">knows its rights</a> and <a href="https://www.eff.org/issues/intellectual-property">how to exercise them.</a> And we’ll keep <a href="https://www.eff.org/takedowns">calling out abusive takedowns</a> and helping people defend their rights to speak on the Internet.</p>
</div></div></div>
[EFF] Four Steps Facebook Should Take to Counter Police Sock Puppets
2019-04-15T05:14:09Z
Dave Maass
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Despite Facebook’s repeated warnings that law enforcement is required to use “authentic identities” on the social media platform, cops continue to create fake and </span><a href="https://www.buzzfeednews.com/article/chrishamby/government-says-federal-agents-can-impersonate-woman-online#2am3bvu"><span>impersonator</span></a><span> accounts to secretly spy on users. By pretending to be someone else, cops are able to sneak past the privacy walls users put up and bypass legal requirements that might require a warrant to obtain that same information.</span></p>
<p><span>The most recent examples</span><span>—</span><span>and one of the most egregious</span><span>—</span><span>was revealed by</span><a href="https://www.theguardian.com/technology/2019/apr/11/us-immigration-police-broke-facebook-rules-with-fake-profiles-for-college-sting"><span> The Guardian</span></a><span> this week. The U.S. Department of Homeland Security executed a complex network of dummy Facebook profiles and pages to trick immigrants into registering with a fake college, The University of Farmington. <a href="https://www.nbcnews.com/news/asian-america/u-s-set-fake-university-nab-immigration-fraud-suspects-n965086">The operation</a> netted more than 170 arrests. Meanwhile, Customs and Border Protection issued a </span><a href="https://www.wbaltv.com/article/border-agency-warns-of-privacy-risks-in-web-initiative/26964673"><span>privacy impact assessment</span></a><span> that encourages investigators to conceal their social media accounts. </span></p>
<p><a href="https://www.eff.org/deeplinks/2018/09/facebook-warns-memphis-police-no-more-fake-bob-smith-accounts"><span>Last fall</span></a><span>, after the Memphis Police Department was </span><a href="https://theappeal.org/memphis-police-surveillance-black-lives-matter-facebook-profile-exclusive/"><span>caught</span></a><span> using fake profiles to monitor Black Lives Matter activists, Facebook added new language to its </span><a href="https://www.facebook.com/safety/groups/law/guidelines/"><span>law enforcement guidelines</span></a><span> emphasizing that this practice was not permitted. Facebook also removed the offending accounts and sent Memphis </span><a href="https://www.eff.org/document/facebook-letter-memphis-police-department-fake-accounts"><span>a stern warning</span></a><span> not to do it again. However, Facebook has proven resistant to sending warning letters to every agency caught red-handed; recently it turned down a request by EFF that it confront the San Francisco Police Department after court records revealed its use of fake accounts in criminal investigations.</span></p>
<p><span>This latest DHS investigation uncovered by The Guardian, as well as </span><a href="https://www.theroot.com/the-wildly-unregulated-practice-of-undercover-cops-frie-1828731563"><span>The Root’s report</span></a><span> revealing other agencies that authorize undercover cops to friend people on Facebook, indicates that much more needs to be done.</span></p>
<p><span>EFF is now calling on Facebook to escalate the matter with law enforcement in the United States. Facebook should take the following actions to address the proliferation of fake/impersonator Facebook accounts operated by law enforcement, in addition to suspending the fake accounts.</span></p>
<ol><li><span>As part of its regular transparency reports, Facebook should publish data on the number of fake/impersonator law enforcement accounts identified, what agencies they belonged to, and what action was taken. </span></li>
<li><span>When a fake/impersonator account is identified, Facebook should alert the users and groups that interacted with the account whether directly or indirectly. These interactions include, but are not limited to, a friend request, Messenger messages, a comment, membership in a group, or being shown an advertisement. The user should know what agency operated the account and how long it was in operation. Facebook should also add a notification to the agency’s page informing the public that the agency is known to have created fake/impersonator law enforcement accounts.</span></li>
<li><span>Facebook should further amend its “</span><a href="https://www.facebook.com/terms_pages_gov.php"><span>Amended Terms for Federal, State and Local Governments in the United States</span></a><span>” to make it explicitly clear that, by agreeing to the terms, the agency is agreeing not to operate fake/impersonator profiles on the platform. Facebook has the right to take actions in response to violation of their terms, but when they do so, Facebook should be fair and consistent with the </span><a href="https://santaclaraprinciples.org/"><span>Santa Clara Principles</span></a><span>.</span></li>
<li><span>Facebook should review the department policies for social media use by law enforcement agencies. When law enforcement has a written policy of engaging in fake/impersonator law enforcement accounts in violation of the “Amended Terms for Federal, State and Local Governments in the United States,” Facebook should add a notification to the agency’s page to inform users of the law enforcement policy. </span></li>
</ol><p><span>Facebook’s practice of taking down these individual accounts when they learn about them from the press (or from EFF) is insufficient to deter what we believe is a much larger iceberg beneath the surface. We often only discover the existence of law enforcement fake profiles months, if not years, after an investigation has concluded. These four changes are relatively light lifts that would enhance transparency and establish real consequences for agencies that deliberately violate the rules. </span></p>
</div></div></div>
[EFF] Don’t Force Web Platforms to Silence Innocent People
2019-04-13T01:09:26Z
Elliot Harmon
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The U.S. House Judiciary Committee <a href="https://judiciary.house.gov/legislation/hearings/hate-crimes-and-rise-white-nationalism">held a hearing</a> this week to discuss the spread of white nationalism, online and offline. The hearing tackled hard questions about how online platforms respond to extremism online and what role, if any, lawmakers should play. The desire for more aggressive moderation policies in the face of horrifying crimes is understandable, particularly in the wake of the <a href="https://www.eff.org/deeplinks/2019/03/ourt-thoughts-new-zealand-massacre">recent massacre in New Zealand</a>. But unfortunately, looking to Silicon Valley to be the speech police may do more harm than good.</p>
<p>When considering measures to <a href="https://www.eff.org/deeplinks/2019/03/dont-repeat-fostas-mistakes">discourage or filter out unwanted activity</a>, platforms must consider how those mechanisms might be abused by bad actors. Similarly, when Congress considers regulating speech on online platforms, it must consider both <a href="https://www.eff.org/deeplinks/2018/12/eff-us-supreme-court-rule-carefully-case-about-private-operators-state-actors-and">the First Amendment implications</a> and how its regulations might unintentionally encourage platforms to silence innocent people.</p>
<p class="pull-quote">When considering measures to discourage or filter out unwanted activity, platforms must consider how those mechanisms might be abused by bad actors.</p>
<p>Again and again, we’ve seen attempts to more aggressively stamp out hate and extremism online backfire in colossal ways. We’ve seen <a href="https://www.theverge.com/2014/9/2/6083647/facebook-s-report-abuse-button-has-become-a-tool-of-global-oppression">state actors abuse flagging systems</a> in order to silence their political enemies. We’ve seen <a href="https://www.nytimes.com/2017/08/22/world/middleeast/syria-youtube-videos-isis.html">platforms inadvertently censor the work of journalists and activists</a> attempting to document human rights atrocities.</p>
<p>But there’s a lot platforms can do right now, starting with more transparency and visibility into platforms’ moderation policies. Platforms ought to tell the public what types of unwanted content they are attempting to screen, how they do that screening, and what safeguards are in place to make sure that innocent people—especially those trying to document or respond to violence—aren’t also censored. <a href="https://jayapal.house.gov/">Rep. Pramila Jayapal</a> urged the witnesses from Google and Facebook to share not just better reports of content removals, but also internal policies and training materials for moderators.</p>
<p>Better transparency is not only crucial for helping to minimize the number of people silenced unintentionally; it’s also essential for those working to study and fight hate groups. As the Anti-Defamation League’s Eileen Hershenov noted:</p>
<blockquote><p>To the tech companies, I would say that there is no definition of methodologies and measures and the impact. […] We don’t have enough information and they don’t share the data [we need] to go against this radicalization and to counter it.</p>
</blockquote>
<p>Along with the American Civil Liberties Union, the Center for Democracy and Technology, and several other organizations and experts, EFF endorses the <a href="https://santaclaraprinciples.org/">Santa Clara Principles</a>, a simple set of guidelines to help align platform moderation practices to human rights and civil liberties principles. The Principles ask platforms</p>
<ul><li>to be honest with the public about how many posts and accounts they remove,</li>
<li>to give notice to users who’ve had something removed about what was removed, and under what rule, and</li>
<li>to give those users a meaningful opportunity to appeal the decision.</li>
</ul><p>Hershenov also cautioned lawmakers about the dangers of heavy-handed platform moderation, pointing out that social media offers a useful view for civil society and the public into how and where hate groups organize: “We do have to be careful about whether in taking stuff off of the web where we can find it, we push things underground where neither law enforcement nor civil society can prevent and deradicalize.”</p>
<p>Before they try to pass laws to remove hate speech from the Internet, members of Congress should tread carefully. Such laws risk pushing platforms toward a more highly filtered Internet, silencing far more people than was intended. As Supreme Court Justice Anthony Kennedy wrote in <a href="https://www.supremecourt.gov/opinions/16pdf/15-1293_1o13.pdf"><em>Matel v. Tam</em></a> (PDF) in 2017, “A law that can be directed against speech found offensive to some portion of the public can be turned against minority and dissenting views to the detriment of all.”</p>
</div></div></div>
[EFF] Join EFF and Help Guide Our International Policy Work
2019-04-13T00:52:06Z
Elliot Harmon
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="normal">Do you want to help defend civil liberties around the world? Are you an expert in copyright, intermediary liability, and European lawmaking? <span>A rare opportunity to help guide EFF in those arenas is now available—</span><a href="https://www.eff.org/opportunities/jobs/international-policy-director"><span>we're hiring an International Policy Director</span></a>. <br /></p>
<p class="normal">EFF weighs in when international lawmaking has a huge potential impact on the Internet for everyone. That’s why we banded with organizations around the world to <a href="https://www.eff.org/deeplinks/2016/11/tpp-post-mortem"><span>stop the Trans-Pacific Partnership</span></a>, whose copyright and anti-hacking measures would have changed the global Internet for the worse. It’s also why <a href="https://www.eff.org/deeplinks/2019/03/eus-parliament-signs-disastrous-internet-law-what-happens-next"><span>we fought to stop Article 13 in Europe</span></a>, which now threatens to usher in a new era of a more highly filtered web. The policy fights that will change the Internet for everyone frequently happen in international forums. <br /></p>
<p class="normal">The International Policy Director will act as a bridge between EFF's legal strategy and our international policy work. You don’t have to be a lawyer to apply, but lawyers are highly encouraged. The Director will work closely with others across EFF and lead a small team of senior policy experts, so communication skills and management experience are essential.</p>
<p class="normal">EFF has <a href="https://www.eff.org/pages/working-at-eff"><span>highly competitive</span></a><a href="https://www.eff.org/pages/working-at-eff"><span> housing</span></a><a href="https://www.eff.org/pages/working-at-eff"><span> </span></a><a href="https://www.eff.org/pages/working-at-eff"><span>benefits</span></a> to make living in the Bay Area a reality. We also have a <a href="https://www.eff.org/deeplinks/2019/02/life-eff-activist"><span>warm, welcoming, and intellectually challenging</span></a> workplace culture.</p>
<p class="normal">If you think you might be the right person for the role, <a href="https://www.eff.org/opportunities/jobs/international-policy-director">please apply</a>. Otherwise, please forward the listing on to your appropriate contacts.</p>
</div></div></div>
[EFF] Government Fights to Trap EFF’s NSA Spying Case in a Catch-22
2019-04-12T01:02:45Z
Cindy Cohn
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The U.S. government admits—and, of course, it’s common knowledge—that the NSA conducts mass, dragnet surveillance of hundreds of millions of Americans’ communications. It has done so via a series of different technical strategies and legal arguments for over 18 years. Yet the Justice Department insists that our legal fight against this spying is bound by a <a href="https://en.wikipedia.org/wiki/Catch-22_(logic)">Catch-22</a>: no one can sue unless the court first determines that they were certainly touched by the vast surveillance mechanisms of the NSA, but the court cannot decide whether any particular person’s email, web searches, social media or phone calls were touched by the surveillance unless the government admits it. Which, of course, it will not do.</p>
<p>At a federal court hearing last month in Oakland, California for our <em>Jewel v. NSA</em> case, we took on this circular argument. EFF Special Counsel Richard Wiebe reviewed the vast trove of direct and circumstantial evidence showing our clients’ communications likely swept up by the NSA dragnet surveillance—this establishes legal “standing.” The interception of communications was first revealed in 2006 by a <a href="https://www.eff.org/document/public-unredacted-klein-declaration">whistleblower</a> working for AT&T in San Francisco, Mark Klein. Klein demonstrated, with expert assistance, that AT&T tapped into the high-capacity fiber optic cables that carry Internet traffic and copied all of the data flowing through those cables for the NSA. A 2009 draft NSA Inspector General’s <a href="https://oig.justice.gov/special/s0907.pdf">report</a> confirms that telecom companies including AT&T gave the NSA access to customers’ communications. Justice Department <a href="https://www.realclearpolitics.com/Commentary/com-1_20_06_MK.html">officials</a> and <a href="https://www.dni.gov/files/documents/Facts%20on%20the%20Collection%20of%20Intelligence%20Pursuant%20to%20Section%20702.pdf">government</a> <a href="https://www.pclob.gov/library/702-Report.pdf#page=126">agencies</a> have acknowledged its existence going back a decade. Ex-NSA contractor and whistleblower Edward Snowden leaked <a href="https://www.documentcloud.org/documents/727943-exhibit-a.html">documents</a> describing the spying and <a href="https://www.eff.org/deeplinks/2018/11/snowden-files-declaration-nsa-spying-case-confirming-authenticity-draft-inspector">authenticated a key </a>document for the court when the government refused. And just this past year, an additional <a href="https://www.eff.org/deeplinks/2018/10/new-witness-and-new-experts-bolster-our-jewel-case-we-fight-governments-latest-0">whistleblower</a> and several other experts have submitted statements explaining that the surveillance program likely touched our clients’ communications.</p>
<p>We also noted that it’s not necessary to absolutely establish that our client’s communications were touched by the surveillance to prevent dismissal. We must only demonstrate that it is more likely than not that our clients’ communications were touched by the NSA’s three programs of telephone record collection, Internet metadata collection, and Internet backbone surveillance. Given the mountain of evidence that we have presented and the admitted scope of the program, there is almost no chance that our clients’ communications—like the communications of millions of innocent Americans—weren’t touched by the government's programs.</p>
<p>“Direct and circumstantial evidence are both enough for standing,” Wiebe told the court. “The public evidence, combined with classified evidence, will remove any question about standing.”</p>
<p>We also directly addressed the government’s state secret claims, which were first rejected by the Court in 2006 but which the DOJ continues to assert. We got a boost from a recent court <a href="http://cdn.ca9.uscourts.gov/datastore/opinions/2019/02/28/12-56867.pdf">ruling</a> in the U.S. District Court of Appeals for the Ninth Circuit, <em>Fazaga v FBI</em>, which flatly rejected the application of the state secret privilege in electronic surveillance cases. It instead found that Congress required the courts to use a part of the Foreign Intelligence Surveillance Act, 50 U.S.C. 1806(f), to decide whether the alleged spying was lawful. That same law <a href="https://www.eff.org/document/plaintiffs-opposition-governments-summary-judgment-motion-and-plaintiffs-motion-proceed">should be used</a> in <em>Jewel</em>.</p>
<p class="pull-quote">Snowden submitted a declaration in our case confirming that he had seen the report when he was an NSA contractor. DOJ attorneys told the court that Snowden was “not competent” to testify.</p>
<p>Justice Department lawyers fought back hard, claiming that our evidence wasn’t enough. They said that the court cannot rely on the draft NSA Inspector General’s report because the NSA has refused to formally authenticate it — despite never claiming it was fake. Because the government refused to formally acknowledge the document, Snowden submitted a declaration in our case confirming that he had seen the report when he was an NSA contractor. DOJ attorneys told the court that Snowden was “not competent” to testify. As for the Ninth Circuit ruling, DOJ attorneys said it doesn’t apply because our plaintiffs must first prove that they were surveilled — and they cannot do that unless the government agrees.</p>
<p>Rather circular, no? Our clients can’t sue because a court isn’t allowed to rule on whether they have standing because that would harm national security. And they can’t test the government’s claim of national security, because they don’t have standing.</p>
<p>If U.S. District Court Judge Jeffrey White rules that he is indeed trapped by the government’s Catch-22 argument, then EFF will be required, once again, to take the case to the Ninth Circuit to have the decision reversed.</p>
<p>Despite the government’s ongoing efforts to kill it, Jewel v. NSA has come further than any case challenging NSA spying. At this point, <a href="https://www.eff.org/deeplinks/2018/12/long-fight-stop-mass-surveillance-2018-review">18 years in</a>, two of the three programs at issue in the case have been stopped due in part to public outcry. The third was radically scaled back. At least two programs—telephone records and Internet metadata—were reportedly abandoned in part because, despite significant financial costs and ongoing harms to the rights of millions of Americans, they showed no appreciable benefit in protecting anyone.</p>
<p>Yet the government’s strategy of continually throwing up roadblocks has kept us from getting to the heart of the matter: the NSA has flipped the basic rules of government access to your private papers upside down. Instead of gaining access only when they have specific basis to believe that you’ve done something wrong, the NSA first collects or scans our communications en masse, then sorts out what they really want second. This is a digital version of a “general warrant”— sweeping authority to search Americans without any suspicion — which were used in colonial times and rejected by the nation’s founders. John Adams even claimed that the opposition to general warrants <a href="https://www.eff.org/files/filenode/att/generalwarrantsmemo.pdf">fueled the American Revolution.</a></p>
<p>Now the government has resorted to arguing that what is common knowledge in the world, and what the <a href="https://www.eff.org/deeplinks/2018/09/uk-surveillance-regime-violated-human-rights">European Courts</a> have now ruled about multiple times, must never be spoken of in an adversarial process in an American court of law. That’s not right, and we’ll keep fighting for our clients to have their day in court.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/jewel">Jewel v. NSA</a></div></div></div>
[EFF] California’s Attorney General Wants to Empower People to Protect Their Privacy. Sacramento Legislators Should Listen.
2019-04-12T00:44:06Z
Hayley Tsukayama
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>California’s lawmakers took a much-needed step last year by passing the California Consumer Privacy Act as a foundation for consumer privacy rights. Now they need to step up to make sure it can work as intended. One of the major issues <a href="https://oag.ca.gov/news/press-releases/attorney-general-becerra-senator-jackson-introduce-legislation-strengthen">identified by the California Attorney General (AG) Xavier Becerra</a> is that the limited resources the legislature has provided the AG to protect consumer privacy means the CCPA’s goals — and the privacy rights Californians want and deserve — will be undercut before the law goes into effect next year.</p>
<p>In response, California’s Senate Judiciary Committee this week passed Sen. Hannah-Beth Jackson’s bill, S.B. 516, which would give the AG’s office much-needed support to enforce the law, including by allowing every Californian to act as their own privacy enforcer with the right to challenge companies that violate their privacy in court. 94 percent of Californians want the right to take a company to court if they violate their privacy rights, according to polling from the <a href="https://www.aclunc.org/blog/will-california-lawmakers-vote-protect-californians-privacy-or-tech-industry-profits">American Civil Liberties Union</a>. S.B. 516 also eliminates the 30-day “right to cure” in the CCPA that gives companies that have already violated people’s privacy rights a grace period to clean up their act after the fact. It also eliminates any taxpayer subsidies for compliance with the law as originally written into the bill as a favor to industry.</p>
<p>Attorney General Becerra has been crystal clear that the CCPA does not provide the tools his office needs to protect our privacy. Immediately after the law passed, <a href="https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2018/08/ag-becerras-letter-re-california-consumer-privacy-act.pdf">Becerra sent a letter</a> to the legislature, outlining several concerns about the law and how much strain it could place on his office, because it centralized enforcement power within the Attorney General's office (AGO).</p>
<p>Crucially, he pointed out that the CCPA has only a limited right for people to sue companies that violate their privacy rights; the current law only allows a lawsuit for data breaches. He asked for consumers to have the right to sue for any violation of the law.</p>
<p>“The lack of a private right of action, which would provide a critical adjunct to governmental enforcement, will substantially increase the AGO’s need for new enforcement resources,” Becerra wrote in August. “I urge you to provide consumers with a private right of action under the CCPA.”</p>
<h3><strong>Holding Companies Accountable</strong></h3>
<p>Sen. Jackson heard Becerra’s call and crafted a bill that includes a private right of action for any CCPA violation. Augmenting the basic enforcement measures in the CCPA assures that Californians can enjoy the rights the law promises.</p>
<p><span>Without such measures, it's basically “having a right without a remedy," as Chair Jackson put it herself to her Judiciary Committee colleagues.</span></p>
<p><strong></strong>Lawmakers say they want to hold companies accountable for the ways these firms use and abuse our personal information. Yet the current law leaves people with no way to fight back against even clear-cut, egregious privacy violations.<strong><em> </em></strong>For example, the CCPA currently gives people the right to ask companies not to sell their data, but only the AG can bring a lawsuit to enforce that right. Thus, if a provider sold people's geo-location information to bounty hunters — something AT&T, T-Mobile, and Sprint actually did until federal lawmakers learned about it from a <a href="https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile">Motherboard investigation</a> and called on <a href="https://www.cnet.com/news/at-t-is-cutting-off-all-location-data-sharing-ties-by-march/">the FCC to stop them </a>— the victims could not themselves sue.</p>
<p>Companies can and must be held accountable for their harmful actions. Becerra and his office have made clear the path they see to doing so is by making sure more people can enforce the law—adding a force of millions of Californians to act as their own advocates. <strong> <br /></strong></p>
<h3><strong>Sticking to “The Deal” that Passed CCPA? What About Your Duties to Your Constituents?</strong></h3>
<p><strong></strong>Some senators on the committee said that strengthening the CCPA—and giving the AG the tools he himself believes necessary to protect the privacy of Californians — breaks a “deal” lawmakers struck with the tech industry to pass the CCPA in the first place.</p>
<p>What lawmakers should remember is that their most important deal is with their constituents. 96 percent of Californians, across every demographic, support stronger privacy laws <a href="https://www.aclunc.org/blog/will-california-lawmakers-vote-protect-californians-privacy-or-tech-industry-profits">according to ACLU polling</a>. In fact, we have consistently seen <a href="https://tfreedmanconsulting.com/reports/poll-finds-strong-support-for-expanding-online-privacy-protections-and-internet-access/">polls show a super majority</a> of Americans believe they should be able to say no to companies that monetize their personal information without their permission. Meanwhile, companies are already working to erode the law by sponsoring bills to weaken the CCPA and add carveouts for their own benefit.</p>
<p>These polling numbers should tell lawmakers all they need to know. But if they need further convincing, they should listen to the person most familiar with the capabilities and limits of the Attorney General’s Office — literally, the Attorney General — who is asking the legislature for help. </p>
<p>Californians deserve the privacy that the California Constitution and the legislature have already affirmed is their right. Now, they need a law that they can enforce.</p>
</div></div></div>
[EFF] EFF Statement on Assange Indictment and Arrest
2019-04-11T18:15:34Z
Cindy Cohn
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="p1">While the <a href="https://www.apnews.com/328522adb35b4445a3fb875d63fb0870">indictment of Julian Assange</a> centers on an alleged attempt to break a password—an attempt that was not apparently successful—it is still, at root, an attack on the publication of leaked material and the most recent act in an almost decade-long effort to punish a whistleblower and the publisher of her leaked material. Several parts of the indictment describe very common journalistic behavior, like using cloud storage or knowingly receiving classified information or redacting identifying information about a source. Other parts make common free software tools like Linux and Jabber seem suspect. And while we are relieved that the government has not chosen to include publication-based charges today, the government can issue additional charges for at least another two months. It should not do so. Leaks are a vital part of the free flow of information that is essential to our democracy. Reporting on leaked materials, including reporting on classified information, is an essential role of American journalism.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/government-demands-twitter-records">Government demands Twitter records of Birgitta Jonsdottir</a></div></div></div>
[EFF] Victory! The House of Representatives Passes Net Neutrality Protections
2019-04-10T16:38:24Z
Katharine Trendacosta
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In a vote of 232-190, the House of Representatives passed the Save the Internet Act (H.R. 1644). This is a major step forward in the fight for net neutrality protections, and it’s because you spoke up about what you want.</p>
<p>The Save the Internet Act was written to restore the strong and hard-fought protections of the 2015 Open Internet Order. Americans <a href="https://blog.mozilla.org/blog/2018/04/23/new-mozilla-poll-support-for-net-neutrality-grows-as-trust-in-isps-dips/">overwhelmingly support</a> an Internet where Internet service providers (ISPs) have to treat all the data transmitted over their networks in a nondiscriminatory way. In other words, where ISPs don’t act as gatekeepers to the Internet and where you, the user, decide how and what you want to see online. As <a href="https://www.eff.org/deeplinks/2017/05/bad-broadband-market-begs-net-neutrality-protections">many Americans have no choice when it comes to their ISP</a>, it is vital that they retain control over their online experience.</p>
<p class="pull-quote">Americans overwhelmingly support an Internet where Internet service providers (ISPs) have to treat all the data transmitted over their networks in a nondiscriminatory way.</p>
<p>Famously, violations of net neutrality have included the practices of blocking, throttling, and paid prioritization. But that is not all that ISPs can do to warp your Internet experience. The Open Internet Order of 2015 prohibited these three techniques, while also including privacy and competition protections. All of these things would be restored with the Save the Internet Act. We deserve a <a href="https://www.eff.org/deeplinks/2019/02/public-deserves-return-2015-open-internet-order">return to the 2015 order</a>, not a <a href="https://www.eff.org/deeplinks/2019/02/real-net-neutrality-more-ban-blocking-throttling-and-paid-prioritization">watered-down version of net neutrality</a>.</p>
<p>The Save the Internet Act <a href="https://www.eff.org/deeplinks/2019/03/real-net-neutrality-protections-passed-their-first-vote">could have had</a> <a href="https://www.eff.org/deeplinks/2019/04/net-neutrality-bill-passes-crucial-committee-vote">damaging or weakening amendments</a> added to it on its way to today’s vote, but you spoke up and told your Representatives that you wanted real net neutrality and not net neutrality in name only. That’s why the Save the Internet Act passed unscathed.</p>
<p>A number of amendments did get added to the bill, but they are mostly about directing research by government agencies into the state of the Internet and FCC accountability.</p>
<p>One amendment does give us pause, though. The last amendment to the bill (McAdams), affirms a bit from the old Open Internet Order, saying that the net neutrality prohibition on blocking doesn’t prevent ISPs from blocking “illegal” content, <a href="https://www.eff.org/mention/us-net-neutrality-has-massive-copyright-loophole">a distinction that includes copyrighted material</a>. Users do not want an ISP to substitute for a court of law on determining the legality of speech online. Users want ISPs to simply provide broadband access and serve as conduits of our speech. A broad reading of this amendment could easily have <a href="https://www.eff.org/files/eff_comcast_report.pdf">greenlit Comcast’s throttling of Bit Torrent</a>, which led to a <a href="https://www.cnet.com/news/fcc-formally-rules-comcasts-throttling-of-bittorrent-was-illegal/">past FCC sanctioning</a> the cable company for violating net neutrality. </p>
<p>EFF had <a href="https://www.eff.org/mention/us-net-neutrality-has-massive-copyright-loophole">concerns with the original 2015 order</a>, as it seemed to let ISPs make their own determinations of legality, rather than say that blocking content deemed illegal to a court is not a violation of the order. As ISPs and media companies become even more intertwined, it’s easy to imagine this loophole being exploited. However, legislative debate between Rep. Ben McAdams, the amendment’s author, and Rep. Mike Doyle, the lead author of the Save the Internet Act, made clear that this amendment did not give an ISP the right to censor content solely because the ISP thought the content was unlawful.</p>
<p>As the Save the Internet Act is debated in the Senate and comes up to a final vote, we’ll fight to keep net neutrality protections from having a copyright loophole. But before we can do that, we need the Senate to take up net neutrality as an issue.</p>
<p>Last year, <a href="https://www.eff.org/deeplinks/2018/05/senate-voted-stand-net-neutrality-now-tell-house-do-same">a majority of the Senate</a> voted to overturn the FCC. Like the Save the Internet Act, that Congressional Review Act vote would have restored the protections of the 2015 Open Internet Order. It’s time to ask the Senate to once again show a commitment to a free and open Internet. Contact your Senators and <a href="https://act.eff.org/action/tell-the-senate-to-restore-full-net-neutrality-protections">tell them to co-sponsor the Save the Internet Act</a> (<a href="https://www.congress.gov/bill/116th-congress/senate-bill/682/">S. 682</a>).<strong></strong></p>
<p class="take-action"><a href="https://act.eff.org/action/tell-the-senate-to-restore-full-net-neutrality-protections">Take Action</a></p>
<p class="take-explainer"><a href="https://act.eff.org/action/tell-the-senate-to-restore-full-net-neutrality-protections">Protect Net Neutrality</a></p>
</div></div></div>
[EFF] The Los Angeles Department of Transportation’s Ride Tracking Pilot is Out of Control
2019-04-10T00:31:56Z
Nathan Sheard
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>The Los Angeles Department of Transportation (LADOT) is about to make a bad privacy situation worse, and it’s urgent that Los Angeles residents </span><a href="https://act.eff.org/action/tell-the-city-council-to-put-the-brakes-on-ladot-s-rider-surveillance-program"><span>contact their city council representatives</span></a><span> today to demand they put the brakes on LADOT’s irresponsible data collection. The agency plans to scoop up trip data on every single e-bike and scooter ride taken within the city and, left unchecked, it will do so in the absence of responsible and transparent policies to mitigate the privacy risks to Los Angeles riders. </span></p>
<p class="take-action"><a href="https://act.eff.org/action/tell-the-city-council-to-put-the-brakes-on-ladot-s-rider-surveillance-program">Take Action</a></p>
<p class="take-explainer"><a href="https://act.eff.org/action/tell-the-city-council-to-put-the-brakes-on-ladot-s-rider-surveillance-program">Tell The City Council To Put The Brakes on LADOT's Rider Surveillance Program </a></p>
<p>Location data is among the most sensitive forms of information related to a person's privacy. Collected over time, people’s movements from place to place reveal a good deal about them: where they work, where they play, where they worship, their political leanings, and even personal and familial relationships. While the U.S. <a href="https://www.eff.org/cases/carpenter-v-united-states"><span>Supreme Court</span></a><span> and </span><a href="https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375"><span>California’s State Legislature</span></a><span> are in agreement on the sensitivity of location data, the Los Angeles Department of Transportation appears to be much less convinced.<br /></span><span><br /></span><span>EFF and OTI have </span><a href="https://www.newamerica.org/oti/press-releases/la-department-transportation-must-address-serious-privacy-threats-posed-collection-highly-detailed-scooter-and-bike-location-data/"><span>called on LADOT</span></a><span> to start taking the privacy of Los Angeles residents seriously and cease moving forward with its invasive data collection plans until it has real policies in place to protect the data. </span><a href="https://act.eff.org/action/tell-the-city-council-to-put-the-brakes-on-ladot-s-rider-surveillance-program"><span>Make your voice heard, too</span></a><span>. </span></p>
<h2>A Tale of Two API’s</h2>
<p><span>In September, after the streets of Los Angeles were overwhelmed with dockless e-bikes and scooters, the Los Angeles City Council passed an </span><a href="http://clkrep.lacity.org/onlinedocs/2017/17-1125_ORD_185785_10-05-2018.pdf"><span>ordinance</span></a><span> calling for the creation of a Shared Mobility Device Pilot Program. In part, the ordinance called on LADOT to issue permits and set guidelines aimed at reducing sidewalk interference and regulating vehicle speed. </span></p>
<p><span>LADOT’s </span><a href="https://github.com/CityOfLosAngeles/mobility-data-specification"><span>Mobility Data Specification</span></a><span> (MDS), part of which went into effect shortly after the ordinance passed in September, gives the agency the ability to request massive amounts of information about Los Angeles riders and their day-to-day travels. Specifically, the MDS requires dockless mobility permit holders like LimeBike and Bird to provide LADOT access to a provider-side application processing interface (API), allowing the agency to demand granular trip data for dockless bicycle and scooter rides. This trip data includes extremely precise, time-stamped, location data from the beginning to the end of each trip.</span></p>
<p class="pull-quote"><span><span>LADOT has not grappled with the serious privacy and civil liberties issues implicated by such a massive data collection campaign.</span></span></p>
<p><span>The problem? LADOT has not grappled with the serious privacy and civil liberties issues implicated by such a massive data collection campaign. Months later, despite requests from </span><a href="https://www.eff.org/document/eff-oti-letter-urgent-concerns-regarding-lack-privacy-protections-sensitive-personal-data"><span>EFF and the Open Technology Institute</span></a><span>; and the </span><a href="https://cdt.org/insight/comments-to-ladot-on-privacy-security-concerns-for-data-sharing-for-dockless-mobility/"><span>Center for Democracy and Technology</span></a><span>, LADOT still fails to acknowledge the raw trip data it collects through its MDS is personal data pertaining to real movements of real individuals. More importantly, it has failed to set out basic privacy protections for the sensitive location data it collects every time Los Angeles residents take a dockless scooter or e-bike ride through their city. </span></p>
<p><span>Now, despite their lack of a clearly articulated plan to protect Los Angeles residents from the potential harms that could result from the exposure of this data, LADOT plans to make a bad situation worse. Beginning on April 15, LADOT will require dockless mobility operators to push trip data for </span><i><span>each and every e-bike and scooter ride </span></i><span>taken within the City directly to LADOT, and its for-profit partner Remix, through a new agency-side API as well. </span></p>
<h2>Responsible Data Collection Requires Responsible Data Policy</h2>
<p><span>In </span><a href="https://www.eff.org/document/eff-oti-letter-urgent-concerns-regarding-lack-privacy-protections-sensitive-personal-data"><span>our letter to the Los Angeles City Council</span></a><span>, EFF and OTI have called on the Council to put the brakes on these additional data sharing requirements before the April 15 deadline. LADOT should by no means be moving forward with increased data demands when it has yet to address the privacy and civil liberties concerns raised by earlier stages of the MDS. </span></p>
<p><span>So far, LADOT has issued only high-level “</span><a href="https://ladot.io/wp-content/uploads/2019/03/LADOT_Data_Protection_Principles-1.pdf"><span>Data Protection Principles</span></a><span>,” which amount to a list of aspirations and buzz words you would want to see in a strong policy: ‘de-identification,’ ‘data minimization,’ ‘aggregation.’ But they provide no meaningful, enforceable restrictions to protect the privacy of Los Angeles residents. These “principles” are a far cry from the transparent, actionable, and enforceable data privacy policies we would expect of any city agency demanding this level of sensitive information about Los Angeles residents. </span></p>
<p><span>Furthermore, LADOT’s failure to limit law enforcement access to raw trip data through anything less than a warrant signed by a judge is in seeming opposition to the Supreme Court’s holding in </span><a href="https://www.supremecourt.gov/opinions/17pdf/16-402_h315.pdf"><i><span>Carpenter v. United States</span></i></a><span>, which held that “the Government must generally obtain a warrant supported by probable cause before acquiring” location records. In its ruling, The Court recognized that time-stamped location data “provides an intimate window into a person’s life, revealing not only his particular movements, but through them his familial, political, professional, religious, and sexual associations.” The Supreme Court’s analysis of the sensitivity of location data was echoed by the California State Legislature when it passed the </span><a href="https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375"><span>California Consumer Privacy Act</span></a><span> (CCPA)—explicitly listing geolocation information as personal information and affirming that “any information that can be reasonably linked, directly or indirectly, with a particular consumer should be considered “personal information." </span></p>
<p class="pull-quote"><span><span>Even with names stripped out, location information is notoriously easy to re-identify.</span></span></p>
<p><span>Part of the problem is LADOT’s failure to acknowledge the sensitive nature of trip information, </span><a href="http://clkrep.lacity.org/onlinedocs/2017/17-1125_rpt_DOT_05-18-2018.pdf"><span>claiming</span></a><span> that the MDS requires “no personally identifiable information about users </span><i><span>directly</span></i><span>.” (emphasis added). But even with names stripped out, location information is notoriously easy to re-identify—particularly for habitual trips. To demonstrate the process through which this information could be re-identified, EFF Staff Technologists—in a cursory analysis of </span><a href="https://www.citibikenyc.com/system-data"><span>publicly available data</span></a><span> from New York City’s rideshare program, CitiBike—identified what is likely a single rider regularly leaving home between 7:30 am and 8 am each morning and returning home just after 6 pm each evening. Unlike New York’s public rideshare program, which requires riders to pick-up and return bikes at docking stations dispersed throughout the city, LADOT’s program applies to dockless bikes and scooters, so the location data acquired through Los Angeles’ dockless mobility program is even more unique to each rider. Yet, even with the data available through CitiBike, one need only wait for our rider’s regular routine to begin one morning in order to confirm his identity. This may seem innocuous, but what if our rider was a domestic violence survivor at risk of being stalked by their assaulter? Or, instead of a regular commute to and from work or school, the data showed our rider taking regular trips to attend Jummah prayer at a local mosque or meetings of a local political organization? The potential threat to their safety as well as religious and political freedom makes it easy to see how critical it is that LADOT and the City Council act to protect this sensitive personal information.</span></p>
<h2>Act Now</h2>
<p><span>LADOT’s </span><a href="https://github.com/CityOfLosAngeles/mobility-data-specification/pull/255"><span>GitHub Repository</span></a><span> and June 2018 press release announcing “</span><a href="https://ladot.lacity.org/sites/g/files/wph266/f/LADOT%20Press%20Release%20Street%20Strategic%20Implementation%20Plan.pdf"><span>A New Digital Playbook for Mobility</span></a><span>” make it clear the department has no intention of stopping at dockless e-bikes and scooters. At the same time, LADOT’s General Manager Seleta Reynolds, in her capacity as an official within the National Association of City Transportation Officials, also seems intent on </span><a href="https://web.archive.org/web/20190410003208/https://www.politico.com/states/california/story/2019/03/01/this-is-creepy-in-la-scooters-become-the-next-data-privacy-fight-883121"><span>spreading this methodology</span></a><span> to other cities across the U.S. The people of Los Angeles and cities across the country deserve safe streets. They also deserve the freedom to move about those streets without undue risks to their privacy and physical well-being through unchecked vehicle surveillance. With the April 15 compliance deadline for the next phase in Los Angeles dockless mobility program quickly approaching, </span><span>it’s urgent that Los Angeles residents contact their City Council representative today, and <a href="https://act.eff.org/action/tell-the-city-council-to-put-the-brakes-on-ladot-s-rider-surveillance-program">demand that they put the brakes</a> on LADOT’s irresponsible data collection.</span></p>
</div></div></div>
[EFF] Platform Liability Doesn’t – And Shouldn’t - Depend on Content Moderation Practices
2019-04-09T23:01:50Z
India McKinney
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In April 2018, House Republicans <a href="https://www.eff.org/deeplinks/2018/04/platform-censorship-wont-fix-internet">held a hearing</a> on the “<a href="https://judiciary.house.gov/hearing/full-committee-hearing-filtering-practices-of-social-media-platforms/">Filtering Practices of Social Media Platforms</a>” that focused on misguided claims that Internet platforms like Google, Twitter, and Facebook actively discriminate against conservative political viewpoints. Now, a year later, Senator Ted Cruz is poised to take the Senate down the same path: he's leading a hearing this week on “<a href="https://www.judiciary.senate.gov/about/subcommittees/subcommittee-on-the-constitution">Stifling Free Speech: Technological Censorship and the Public Discourse</a>.”</p>
<p>While we certainly agree that online platforms have created content moderation systems that remove speech, we don’t see evidence of systemic political bias against conservatives. In fact, the voices that are silenced more often belong to <a href="https://www.theguardian.com/technology/2016/may/23/facebook-bans-photo-plus-sized-model-tess-holliday-ad-guidelines">already</a> <a href="https://www.theverge.com/2018/6/4/17424472/youtube-lgbt-demonetization-ads-algorithm">marginalized</a> or <a href="https://www.theverge.com/2017/2/24/14719828/twitter-account-lock-ban-swearing-abuse-moderation">less-powerful</a> <a href="https://www.businessinsider.com/facebook-apologises-for-removing-anne-frank-center-child-holocaust-image-2018-8">people</a>. </p>
<p>Given the lack of evidence of intentional partisan bias, it seems likely that this hearing is intended to serve a different purpose: to build a case for making existing platform liability exemptions dependent on "politically neutral" content moderation practices. Indeed, Senator Cruz seems to think that’s already the law. Questioning Facebook CEO Mark Zuckerberg last year, Cruz asserted that in order to enjoy important legal protections for free speech, <a href="https://www.foxnews.com/opinion/sen-ted-cruz-facebook-has-been-censoring-or-suppressing-conservative-speech-for-years">online platforms must adhere to a standard of political neutrality in their moderation decisions</a>. Fortunately for Internet users of all political persuasions, he’s wrong.</p>
<p>Section 230—the law that protects online forums from many types of liability for their users’ speech—does not go away when a platform decides to remove a piece of content, whether or not that choice is “politically neutral.” In fact, Congress specifically intended to protect platforms’ right to moderate content without fear of taking on undue liability for their users’ posts. Under the First Amendment, platforms have the right to moderate their online platforms however they like, and under Section 230, they’re additionally shielded from some types of liability for their users’ activity. It’s not one or the other. It’s both.</p>
<p>In recent months, <a href="https://www.fastcompany.com/90252598/ted-cruz-made-it-clear-he-supports-repealing-tech-platforms-safe-harbor">Sen. Cruz</a> and <a href="https://www.techdirt.com/articles/20181221/08453941278/rep-louie-gohmert-wants-to-strip-section-230-immunity-social-media-platforms-that-arent-neutral.shtml">a few of his colleagues</a> have suggested that the rules should change, and that platforms should lose Section 230 protections if those platforms aren’t politically neutral. While such proposals might seem well-intentioned, it’s easy to see how they would backfire. Faced with the impossible task of proving perfect neutrality, many platforms—especially those without the resources of Facebook or Google to defend themselves against litigation—would simply choose to curb potentially controversial discussion altogether and even refuse to host online communities devoted to minority views. We have already seen the impact <a href="https://www.eff.org/deeplinks/2018/03/how-congress-censored-internet">FOSTA</a> has had in <a href="https://www.washingtonblade.com/2018/03/26/sex-trafficking-bill-prompts-craigslist-drop-personal-ads/">eliminating online platforms</a> where vulnerable people could connect with each other.</p>
<p>To be clear, Internet platforms do have a problem with over-censoring certain voices online. These choices can have a big impact in already marginalized communities <a href="http://centerformediajustice.org/2017/01/18/coalition-urges-changes-to-facebook-censorship/">in the U.S.</a>, as well as in countries that don’t enjoy First Amendment protections, such as places like <a href="https://www.thedailybeast.com/exclusive-rohingya-activists-say-facebook-silences-them">Myanmar</a> and <a href="https://www.nytimes.com/2018/04/15/world/asia/china-gay-ban-sina-weibo-.html">China</a>, where the ability to speak out against the government is often quashed. EFF and others have <a href="https://www.eff.org/press/releases/eff-and-coalition-partners-push-tech-companies-be-more-transparent-and-accountable">called</a> for Internet companies to provide the public with real transparency about whose posts they’re taking down and why. For example, platforms should provide users with real information about what they are taking down and a meaningful opportunity to appeal those decisions. Users need to know why some language is allowed and <a href="https://www.propublica.org/article/facebook-enforcement-hate-speech-rules-mistakes">the same language in a different post</a> isn’t. These and other suggestions are contained in the <a href="https://newamericadotorg.s3.amazonaws.com/documents/Santa_Clara_Principles.pdf">Santa Clara Principles</a>, a proposal endorsed by more than <a href="https://santaclaraprinciples.org/open-letter/">75 public interest groups around the world</a>. Adopting these Principles would make a real difference in protecting people’s right to speak online, and we hope at least some of the witnesses tomorrow will point that out.</p>
</div></div></div>
[EFF] Victory! Second Circuit Affirms Dismissal of Latest Threat to Section 230
2019-04-08T20:24:34Z
Jamie Williams
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In a victory for online freedom of expression, the Second Circuit has <a href="https://www.eff.org/document/herrick-v-grindr-summary-order-03-27-2019">affirmed</a> the dismissal of a dangerous lawsuit that would threaten to undercut what makes the Internet an essential tool for modern life. EFF filed an <a href="https://www.eff.org/document/amicus-brief-41">amicus</a> brief in the case, <em>Herrick v. Grindr</em>, last fall, urging the court to do the right thing. We’re happy to report that the court heeded our warning.</p>
<p>The plaintiff in the case, Matthew Herrick, <a href="https://fox59.com/2017/04/16/man-sues-grindr-after-1100-strangers-show-up-at-his-home-workplace-for-sex/">alleged</a> that he has been mercilessly harassed online by an ex-boyfriend, who appears to have created a series of fake profiles of Herrick on the gay-dating app Grindr. Herrick said that more than 1000 men have arrived at his home and his work, thinking that they were invited for sex. In his lawsuit, Herrick asked that Grindr be held responsible for the fake profiles and the damage caused by his ex-boyfriend. While what happened to Herrick is despicable, it’s the perpetrator that should be held responsible, not the online space where the harassment happened. If it were successful, <em>Herrick v. Grindr</em> would have threatened free speech and innovation online.</p>
<p>A provision of the Communication Decency Act called Section 230—short for <a href="https://www.eff.org/issues/cda230">47 U.S.C. § 230</a>—protects intermediaries like ISPs, social media sites, and dating sites like Grindr from liability for what their users say or do. This is not for the platforms’ sake: it’s for the users. When Congress passed Section 230, it recognized that if our legal system failed to robustly protect intermediaries, it would fail to protect free speech online.</p>
<p>Intermediary platforms are the essential architecture of today’s Internet. They are the primary way that the majority of people engage with one another online. Platforms from giants like Facebook and Twitter to small community forums and local news sites allow users to connect with family and friends all over the world—all without learning to code or expending significant financial resources. Weakening the legal protections for online intermediaries in Section 230 would cause platforms to ramp up their moderation practices, silencing innocent people in the process. Protecting intermediaries protects users. </p>
<p>Luckily, the Second Circuit recognized the importance of protecting intermediaries. The court shut down the plaintiff’s attempt to get around Section 230’s protections by claiming that his claims were based on how Grindr designed and operated the app, not on content posted by the ex-boyfriend. The court recognized that the plaintiff’s claims about Grindr being “dangerous and defective” stemmed from information created by the ex-boyfriend, and that this case was precisely the sort of case that Congress sought to protect against when enacting Section 230 back in 1996. According to the court, “Plaintiff’s attempt to artfully plead his case in order to separate the Defendant from the protections of the CDA is a losing proposition.”</p>
<p>We’re happy to see the court reject this blatant attempt to work around Section 230, particularly as <a href="https://www.eff.org/deeplinks/2017/06/eff-court-holding-twitter-responsible-providing-material-support-terrorists-would">more</a> and <a href="https://blog.ericgoldman.org/archives/2016/09/ninth-circuit-criticizes-attempts-to-plead-around-secton-230-kimzey-v-yelp.htm">more</a> civil litigants attempt to plead around the statute’s protections. It’s <a href="https://www.eff.org/deeplinks/2018/12/congress-censors-internet-eff-continues-fight-fosta-2018-review">more important than ever</a> that courts uphold the protections afforded by Section 230. Section 230 encourages intermediaries to host a vast array of content, without having to worry about the devastating litigation costs they would incur if they could be sued for what their users say online. Without Section 230, intermediaries would likely limit who could use their service and censor more speech than ever before. Smaller platforms that lack the resources to take those steps and the wherewithal to defend themselves in court would be unable to compete with big incumbents, meaning users would have fewer tools to communicate online.</p>
<p>Section 230 does not mean that victims of online harassment have nowhere to turn. Most jurisdictions have laws against abusive speech. Law enforcement needs to get smarter about online harassment so it can protect people in danger, while courts should become comfortable with legal remedies against online perpetrators. We’re glad that the Second Circuit recognized that holding platforms responsible is not the answer. </p>
</div></div></div>
[EFF] Five Civil Society Organizations Remind Congress: Look to the Supreme Court, Not Silicon Valley CEOs, For Guidance Before Regulating Online Speech
2019-04-06T08:38:55Z
Karen Gullo
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Supreme Court Rulings Sharply Limit Attempts to Silence Speech</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>New York, San Francisco, and Washington D.C.—As policymakers around the U. S. contemplate regulations to protect and/or restrict online speech, a group of public interest organizations dedicated to free expression are publishing a set of legal guideposts that must inform any legislative or regulatory discussion. The document, entitled “<u><a href="https://newamericadotorg.s3.amazonaws.com/documents/First_Amendment_Principles_2019-FINAL_Interactive_O0JA9oV.pdf">Online Speech and the First Amendment: Ten Principles from the Supreme Court</a></u>,” explains a series of fundamental safeguards for free speech that our nation’s highest court has articulated and should be followed in any potential regulation of online speech.<br /><br />The five organizations are the American Civil Liberties Union, the Brennan Center for Justice at NYU School of Law, the Center for Democracy & Technology, the Electronic Frontier Foundation, and New America’s Open Technology Institute.<br /><br />U.S. Supreme Court rulings have established principles sharply limiting the situations in which speech may be regulated or silenced. The First Amendment protects a vast array of expression, including posts that society may consider indecent or hateful (Principle #3), anonymous speech (Principle #5), and speech targeted for its content (Principle #7).<br /><br />The court has held that any attempt to censor protected speech must meet exacting constitutional standards. Recognizing the critical role the Internet plays in democracy, the court has also stressed that our rights are just as strong when we speak online.</p>
<h4>ACLU</h4>
<p>“Online discourse is key for our democracy, and the Internet is not a haven for the government to bypass the Constitution,” said ACLU Senior Legislative Counsel Kate Ruane. “The Supreme Court has consistently made clear that not only is the Internet one of the most important speech mediums of our time, speech that occurs on it receives the First Amendment’s fullest protection.”</p>
<h4>Brennan Center</h4>
<p>“Our free speech tradition holds that unpopular and even offensive ideas must have breathing room for our democracy to progress,” said Faiza Patel, Co-Director of the Liberty and National Security Program at the Brennan Center for Justice, “Any attempts at regulating online speech must follow the clear guidance from the Supreme Court.”</p>
<h4>Center for Democracy & Technology</h4>
<p><span>“</span>People have become accustomed to the wide-ranging moderation that social media platforms can do, but government officials cannot act so broadly,” said Emma Llansó, Director of Free Expression at the Center for Democracy & Technology. “Laws that pressure intermediaries to regulate protected speech raise First Amendment problems as well.”</p>
<h4>Electronic Frontier Foundation</h4>
<p>“Any new rules affecting online speech must pass constitutional muster,” said Corynne McSherry, Legal Director for the Electronic Frontier Foundation. “This collection lays out the strict parameters such rules would have to meet.”</p>
<h4>New America's Open Technology Institute</h4>
<p>“The First Amendment provides clear safeguards to prevent our government from limiting free expression online, and Congress must tread carefully in any efforts to regulate how tech companies moderate the content they host,” said Sharon Bradford Franklin, Director of Surveillance & Cybersecurity Policy at New America’s Open Technology Institute. “Now that the public square has moved online for so many communities, Congress should focus its efforts on ensuring that our strong free speech traditions continue in the digital world.”</p>
<p><div class="media media-element-container media-default"><div id="file-50464" class="file file-image file-image-jpeg" class="file file-image file-image-jpeg">
<h2 class="element-invisible"><a href="/file/aclu200x100jpg">aclu200x100.jpg</a></h2>
<div class="content">
<img class="media-element file-default" data-delta="2" src="https://www.eff.org/files/aclu200x100.jpg" width="200" height="100" alt="" /> </div>
</div>
</div><div class="media media-element-container media-default"><div id="file-50465" class="file file-image file-image-jpeg" class="file file-image file-image-jpeg">
<h2 class="element-invisible"><a href="/file/brennan200x100jpg">brennan200x100.jpg</a></h2>
<div class="content">
<img class="media-element file-default" data-delta="3" src="https://www.eff.org/files/brennan200x100.jpg" width="200" height="100" alt="" /> </div>
</div>
</div><div class="media media-element-container media-default"><div id="file-50466" class="file file-image file-image-jpeg" class="file file-image file-image-jpeg">
<h2 class="element-invisible"><a href="/file/cdt200x100jpg">cdt200x100.jpg</a></h2>
<div class="content">
<img class="media-element file-default" data-delta="4" src="https://www.eff.org/files/cdt200x100.jpg" width="200" height="100" alt="" /> </div>
</div>
</div><div class="media media-element-container media-default"><div id="file-50467" class="file file-image file-image-jpeg" class="file file-image file-image-jpeg">
<h2 class="element-invisible"><a href="/file/oti200x100jpg">oti200x100.jpg</a></h2>
<div class="content">
<img class="media-element file-default" data-delta="5" src="https://www.eff.org/files/oti200x100.jpg" width="200" height="100" alt="" /> </div>
</div>
</div><div class="media media-element-container media-default"><div id="file-50472" class="file file-image file-image-jpeg" class="file file-image file-image-jpeg">
<h2 class="element-invisible"><a href="/file/eff200x100jpg">eff200x100.jpg</a></h2>
<div class="content">
<img class="media-element file-default" data-delta="6" src="https://www.eff.org/files/eff200x100.jpg" width="200" height="100" alt="" /> </div>
</div>
</div></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact: </div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile node--promoted view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Corynne</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">McSherry</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Legal Director</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:corynne@eff.org">corynne@eff.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Hoa</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Nguyen</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">New America's Open Technology Institute</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:nguyen@opentechinstitute.org">nguyen@opentechinstitute.org</a></div></div></div> </div>
</div>
</div><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Kate</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Ruane</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">ACLU Senior Legislative Counsel</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto: kruane@aclu.org"> kruane@aclu.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Mireya</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Navarro</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Brennan Center For Justice</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:navarrom@brennan.law.nyu.edu">navarrom@brennan.law.nyu.edu</a></div></div></div> </div>
</div>
</div><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Brian</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Wesolowksi</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">CDT Communications Director</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:press@cdt.org">press@cdt.org</a></div></div></div> </div>
</div>
</div></div></div>
[EFF] Facebook Got Caught Phishing For Friends
2019-04-05T02:46:01Z
Bennett Cyphers
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Once again, Facebook is in the news for bad security practices, dark design patterns, and </span><a href="https://www.eff.org/deeplinks/2019/03/facebook-doubles-down-misusing-your-phone-number"><span>secretly reappropriating sensitive data meant for “authentication” to its own ends</span></a><span>. Incredibly, this time, the company managed to accomplish all three in one fell swoop.</span></p>
<h2><b>What happened?</b></h2>
<p><span>Last weekend, news broke that Facebook has been demanding some new users enter their email passwords in order to sign up for an account on the site. First publicized by </span><a href="https://twitter.com/originalesushi/status/1112496649891430401"><span>cybersecurity specialist e-sushi on Twitter</span></a><span>, the unnervingly </span><a href="https://ssd.eff.org/en/module/how-avoid-phishing-attacks"><span>phishing</span></a><span>-like process worked like this: any user who tried to create a new account on Facebook with an email from one of a few providers (including Yandex and GMX) was directed to a page that asked them to “Confirm [Their] Email”--by entering their </span><i><span>email</span></i><span> password.</span></p>
<p class="center-image"><span><img src="/files/2019/04/04/pasted_image_0.png" alt="" width="589" height="296" /></span></p>
<p><span>Soon after the news was reported more widely by </span><a href="https://www.thedailybeast.com/beyond-sketchy-facebook-demanding-some-new-users-email-passwords"><span>The Daily Beast</span></a><span> and </span><a href="https://www.businessinsider.com/facebook-asks-new-users-email-passwords-2019-4"><span>Business Insider</span></a><span>, Facebook </span><a href="https://www.cnet.com/google-amp/news/facebook-will-no-longer-ask-for-peoples-email-passwords/"><span>discontinued its verify-with-password program</span></a><span>. EFF was made aware of the sign-up flow before the stories were published. Armed with a burner Yandex email and a fresh browsing session, we were able to experiment with the password-grabbing tool briefly before it was shut down.</span></p>
<p><span>First, we observed that when we clicked on the “Connect to yandex.com” button, our email and password were sent directly to Facebook. Do not pass go, do not “Connect” to the third-party service the password belongs to. Facebook might not have stored our password, but it certainly saw it.<br /></span></p>
<p class="center-image"><span><div class="caption caption-center"><div class="caption-width-container"><div class="caption-inner"><img src="/files/2019/04/04/pasted_image_1.png" alt="" title="" width="923" height="314" /><p class="caption-text">Firefox’s developer tools show a request being sent to Facebook with our (fake) email password in it.</p></div></div></div></span></p>
<p><span>At a glance, there didn’t appear to be any way to avoid signing up without compromising our email password in this way. However, in the background, the company had already sent a traditional “confirmation email” to Yandex. We could have closed this signup window, gone to our email, and opened the link from there. Boom, done, we’d be “Confirmed.” But oddly, we didn’t see any indication of that on the “Confirm” page at first. We had to click on “Need Help” in order to see a dialog informing us that, actually, there was no need for a password at all.</span></p>
<p class="center-image"><span><img src="/files/2019/04/04/pasted_image_2.png" alt="" width="573" height="382" /></span></p>
<h3><b>The Plot Thickens</b></h3>
<p><a href="https://www.businessinsider.com/facebook-asks-new-users-email-passwords-2019-4"><span>In a statement</span></a><span>, Facebook said it gave people “the option” to enter their password in order to verify their account. But why did the company build this tool at all? Asking for passwords you don’t need is a classic security </span><a href="https://en.wikipedia.org/wiki/Anti-pattern"><span>anti-pattern</span></a><span>: a commonly reinvented, bad solution to a common problem. Facebook is a huge company with plenty of security engineers on its payroll. Surely someone must have identified this as a terrible idea. And users around the web are familiar with the need to verify accounts with a click in a confirmation email; there was no reason to reinvent the wheel.</span></p>
<p><span>So why was Facebook’s design so intent on getting users to input their passwords?</span></p>
<p><span>It makes more sense in the context of what happened next.</span></p>
<p><span>When we clicked “Connect to yandex.com,” an overlay with a status bar appeared. “Authenticating,” it said. But wait—“Importing contacts?” When did that happen? What? How? Why??</span></p>
<p class="center-image"><img src="/files/2019/04/04/pasted_image_3.png" alt="" width="567" height="292" /><br /><br /></p>
<p><span>Our fake profile didn’t have any linkable Facebook friends, but the tool went through our contacts anyway. After a short time where the status bar informed us that it had found 0 contacts so far, this message popped up: </span></p>
<p class="center-image"><img src="/files/2019/04/04/pasted_image_4.png" alt="" width="573" height="282" /></p>
<p><span>Somewhere in a cavernous, </span><a href="https://code.fb.com/data-center-engineering/data-centers-2018/"><span>evaporative cooled datacenter</span></a><span>, one of millions of blinking Facebook servers took our credentials, used them to </span><i><span>authenticate to our private email account</span></i><span>, and tried to pull information about all of our contacts.</span></p>
<p><span>After clicking Continue, we were dumped into the Facebook home page, email successfully “confirmed,” and our privacy thoroughly violated.</span></p>
<h3><b>It’s not about security. It’s about your data.</b></h3>
<p><span>Some more digging around Facebook’s website reveals that this isn’t the only place it asks for your email password and then uses it to import contact data. In fact, the “confirmation” flow that we tested appears to be a reskinned version of a tool that Facebook calls “Find Your Friends.” (We were tipped off to the existence of the tool by <a href="https://twitter.com/robaeprice">Rob Price</a> of Business Insider.) After we had signed up for our new account, we were ferried to this page as part of the onboarding process. At time of writing, versions of this tool were also available (though possibly non-functional) at </span><a href="https://www.facebook.com/?sk=ff"><span>https://www.facebook.com/?sk=ff</span></a><span> and </span><a href="https://www.facebook.com/find-friends/index.php"><span>https://www.facebook.com/find-friends/index.php</span></a><span>.</span></p>
<p><span>This tool is more transparent about its intentions, but it still qualifies as a security mess. Here, Facebook encourages users to enter their email and (email) password in order to “find friends” who are already on Facebook.</span></p>
<p class="center-image"><img src="/files/2019/04/04/pasted_image_5.png" alt="" width="758" height="627" /></p>
<p><span>Let us be clear: </span><i><span>don’t do this</span></i><span>. Never give a third-party company, especially one with Facebook’s </span><a href="https://www.wired.com/story/facebook-scandals-2018/"><span>dismal track record</span></a><span>, unrestricted access to credentials for another account. Legitimate services, like password managers, might store your credentials with end-to-end encryption, but they don’t try to access your accounts without your consent. And plenty of websites integrate with </span><a href="https://en.wikipedia.org/wiki/Single_sign-on"><span>single sign-on</span></a><span> services from the likes of Google (and, yes, Facebook) using </span><a href="https://oauth.net/"><span>OAuth</span></a><span>, a protocol that allows a third-party service to verify a user’s identity without access to their real password. OAuth was standardized nearly a decade ago to put a stop to the exact practice that Facebook has engaged in here.</span></p>
<p><span>Facebook’s tool only worked with accounts from a set of “supported” email hosts, including Yandex, GMX, Yahoo, Hotmail, AOL, and Comcast. When we tried to enter an email from an unsupported host, like Gmail, we were informed that Facebook “can't import contacts from this address yet.” Considering </span><a href="https://techcrunch.com/2010/11/04/facebook-google-contacts/"><span>Facebook has sparred publicly with Google</span></a><span> about contact-export features in the past, it’s unsurprising that Facebook wouldn’t attempt (or Google wouldn’t allow) automatic contact importing using raw credentials from Gmail. </span></p>
<p><span>This tool worked the first time we tried it, on April 2, but by April 3, after the story had broken, every email we entered (including the Yandex one) prompted a “can't import contacts from this address yet” message. For now, it appears that Facebook may have shut down the “Find Friends” program as well. </span></p>
<h2><b>Why is this bad? </b></h2>
<p><span>Where to begin.</span></p>
<p><span>Before we get into the manipulative data import feature, let’s talk about Facebook asking for email credentials in the first place. For all intents and purposes, this is a phishing attack. A company you don’t have a prior relationship with asks you to “confirm your email,” and tries to get you to enter your password into a website that is not your email client. This is the </span><a href="https://www.mcgill.ca/it/channels/news/phishing-scam-confirm-your-account-273028"><span>oldest</span></a> <a href="https://www.mcgill.ca/it/channels/news/phishing-scam-email-verification-288004"><span>trick</span></a> <a href="https://www.hoax-slayer.net/verify-your-email-account-phishing-scam/"><span>in the</span></a> <a href="https://www.bbb.org/council/news-events/bbb-scam-alerts/2017/11/scam-confirm-your-account-emails-look-just-like-amazon.com/"><span>book</span></a><span>.</span><span><br /></span></p>
<p><span>Phishing attacks commonly target email accounts because they are extremely rich data mines. For better or worse, email accounts often act as de facto digital passports. They connect users to social media, bank accounts, and services like gas, electric, and cable. They can be used to reset passwords for hundreds of services around the Internet. If your email is compromised, everything else about your digital identity is put at risk.</span></p>
<p><i><span>We cannot emphasize this enough:</span></i><span> you should not give your email password to websites that are not your email provider or client. In this case, it looks like Facebook “only” wanted users’ contact lists, but that’s a paper-thin justification for the kind of access it demanded.</span></p>
<p><span>Tech companies, non-profits, researchers, community educators, and IT departments around the world have devoted millions of cumulative hours — writing countless explainers, giving presentations until their voices have gone hoarse, fundamentally redesigning how trust on the web works with </span><a href="https://letsencrypt.org/how-it-works/"><span>cryptographic certificates</span></a><span> and </span><a href="https://oauth.net/2/"><span>OAuth</span></a><span> — all to prevent users from doing exactly this.</span></p>
<p><span>And Facebook, in its first interaction with a cohort of newcomers to its service, throws this all out the window. This interaction, and Facebook’s implicit assertion that nothing is out of the ordinary, is conditioning its users to be phished. For a company that is many people’s primary portal to the Internet, that’s downright irresponsible.</span></p>
<h3><b>Uninformed non-consent</b></h3>
<p><span>But the mis-education of new users is just the first layer of this onion of awfulness. By collecting sensitive information it didn’t need, Facebook put users at risk of future data breaches. Even if the company never </span><i><span>intended</span></i><span> to store users’ passwords, it’s hard to feel secure given its track record of, well, </span><a href="https://www.wired.com/story/facebook-passwords-plaintext-change-yours/"><span>accidentally storing passwords</span></a><span>. (The company said in a statement that “These passwords were not stored by Facebook.”)</span></p>
<p><span>Perhaps worst was Facebook’s approach to user consent. The “Confirm Your Email” page gave no context for why Facebook needed an email password and hid information about how to sidestep the process. </span></p>
<p><span>Everything about the page led users to believe they had no choice but to enter their email password. And once they did, nothing about the page indicated how Facebook would use it. </span><a href="https://twitter.com/originalesushi/status/1112496649891430401"><span>According to the researcher who discovered it</span></a><span>, an older version of the page had a “See how it works” link that led to… nothing. It wasn’t even a link, just a string of text that evoked the idea of one. Before users had the chance to consent to </span><i><span>any</span></i><span> kind of data collection, Facebook was scraping their email accounts for all of their social connections. This is worse than a typical </span><a href="https://www.eff.org/deeplinks/2019/02/designing-welcome-mats-invite-user-privacy-0"><span>dark pattern</span></a><span>, which might take advantage of people’s tendency not to read fine print. It delivered unwanted behavior that even the most savvy users should not have predicted.</span></p>
<p><span>This isn’t the first time the company has </span><a href="https://www.eff.org/deeplinks/2018/09/you-gave-facebook-your-number-security-they-used-it-ads"><span>collected data for one purpose and used it for another</span></a><span>, which is why we’ve demanded that Facebook </span><a href="https://fixitalready.eff.org/facebook"><span>leave your phone number where you put it</span></a><span>. Unfortunately, this probably won’t be the last time, either. Every breach of user trust drives home further what we already know: the company cannot be left to its own devices, and existing enforcement authorities haven’t done enough. In the short term, the FTC should use its power to send a message to Facebook and the rest of the surveillance-driven tech world that unfair and deceptive data gathering has serious consequences. And in the long term, we need </span><a href="https://www.eff.org/deeplinks/2018/12/facebooks-latest-scandal-shows-we-need-stronger-privacy-laws"><span>strong privacy laws to keep companies in check</span></a><span>.</span></p>
<p><span>In the meantime, you can take this as an opportunity to educate yourself or your friends and family about phishing with the help of our </span><a href="https://ssd.eff.org/en/module/how-avoid-phishing-attacks"><span>Surveillance Self-Defense guide</span></a><span>. File this one as a textbook example of when to turn and run away.</span></p>
</div></div></div>
[EFF] EFF’s New ‘Threat Lab’ Dives Deep into Surveillance Technologies—And Their Use and Abuse
2019-04-05T01:03:07Z
Rebecca Jeschke
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF is proud to announce its newest investigative team: the Threat Lab. Using a combination of research skills, the Threat Lab will take a deep dive into how surveillance technologies are used to target communities, activists, or individuals.</p>
<p>The Threat Lab is a multidisciplinary unit that’s part of our Technology Projects team. EFF’s Director of Cybersecurity, <a href="https://www.eff.org/about/staff/eva-galperin">Eva Galperin</a> heads up the group, which also includes Senior Staff Technologist <a href="https://www.eff.org/about/staff/cooper-quintin">Cooper Quintin</a> and Senior Investigative Researcher <a href="https://www.eff.org/about/staff/dave-maass">Dave Maass</a>.</p>
<p>The creation of the Threat Lab is a logical evolution of the investigative work we’ve been doing at EFF for years. Some of the projects that will move under the Threat Lab umbrella include our research into <a href="https://www.eff.org/deeplinks/2017/12/2017-year-nation-state-hacking">state-sponsored malware</a> and <a href="https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else">cyber-mercenaries</a>, our analysis of Automatic License Plate Readers (ALPRs) and how <a href="https://www.eff.org/deeplinks/2019/03/heres-why-you-cant-trust-what-cops-and-companies-claim-about-automated-license">data collected by police endangers privacy</a>, and our work fighting <a href="https://www.cyberscoop.com/kaspersky-lab-looks-combat-stalkerware-new-android-feature/">spouseware and stalkerware</a>. And people are already taking notice: Eva’s work in this area was recently featured in <a href="https://www.wired.com/story/eva-galperin-stalkerware-kaspersky-antivirus/ ">Wired</a>.</p>
<p>We all have a right to live our lives without the threat of illegal surveillance. EFF’s Threat Lab will do its part to enforce those rights with rigorous examinations of new surveillance technologies and how they are being abused by law enforcement or others.</p>
</div></div></div>
[EFF] Net Neutrality Bill Passes Crucial Committee Vote
2019-04-04T01:00:56Z
Ernesto Falcon
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Congress took a big step today toward protecting net neutrality, competition, and privacy for Internet users. The House Energy and Commerce Committee just voted 30-22 to approve an amended version of the Save the Internet Act of 2019 (</span><a href="https://www.congress.gov/bill/116th-congress/house-bill/1644/text"><span>H.R.1644)</span></a><span>. Please join us in <a href="https://act.eff.org/action/tell-congress-to-restore-full-net-neutrality-protections">urging your members of Congress to pass the bill now</a>.</span></p>
<p class="take-action"><a href="https://act.eff.org/action/tell-congress-to-restore-full-net-neutrality-protections">Take Action</a></p>
<p class="take-explainer"><a href="https://act.eff.org/action/tell-congress-to-restore-full-net-neutrality-protections">Protect Net Neutrality</a></p>
<p><span>The Save the Internet Act would lock into law the protections for net neutrality that came in the 2015 Open Internet Order and require the FCC to take action when ISPs give unfair preferential treatment to certain types of content or content sources.</span></p>
<p><span>In 2017, despite a clear mandate from the people to protect net neutrality, the FCC abandoned its responsibility to enforce net neutrality principles. </span><a href="https://www.eff.org/deeplinks/2017/09/just-how-unpopular-how-wrong-facts-how-misguided-fcc-proposal-rollback-network"><span>The move was highly unpopular</span></a><span> among Americans of all political stripes as well as </span><a href="https://www.eff.org/deeplinks/2017/07/network-engineers-speak-out-net-neutrality"><span>experts in how the Internet works.</span></a><span> In fact, the only people it was really popular with were the big vertically integrated ISPs who seek to leverage their dominance to raise their profits at the expense of the free and open Internet.</span></p>
<p><span>H.R. 1644 restores the FCC’s ability to police unjust and unreasonable conduct by ISPs. Unfair ISP practices recently took center stage nationally when Verizon was found </span><a href="https://www.eff.org/deeplinks/2018/08/verizons-throttling-fire-fighters-could-go-unpunished-because-fcc-repealed-open"><span>throttling the wireless service of the Santa Clara Fire Department</span></a><span> while the department was fighting a massive fire. The bill also reinstates the competition policies of the Telecommunications Act for the broadband access market, a measure that’s </span><a href="https://www.eff.org/deeplinks/2017/06/isps-across-country-tell-chairman-pai-not-repeal-network-neutrality"><span>widely supported by the small competitors</span></a><span> to incumbents like Comcast, AT&T, and Verizon.</span></p>
<p><span>The committee applied two small tweaks to the legislation during the full committee markup. Bill sponsor Rep. Mike Doyle </span><a href="https://docs.house.gov/meetings/IF/IF00/20190403/109262/BILLS-116-1644-D000482-Amdt-01.pdf"><span>brought an amendment</span></a><span> to permanently lock the 2015 Order as a matter of law to prevent any future FCC from ever repealing net neutrality again. </span><a href="https://docs.house.gov/meetings/IF/IF00/20190403/109262/BILLS-116-1644-D000482-Amdt-HR1644-Doyle-SLW_1040_xml.pdf"><span>The committee also approved an amendment</span></a><span> to reinstate the temporary one year exemption on some of the transparency rule requirements the FCC adopted for ISPs that had less than 100,000 subscribers. Both of these amendments tightened the legislation to mirror the 2015 Open Internet Order and every amendment offered to weaken the legislation was rejected by a majority vote.</span></p>
<p><span>Now the legislation will head to the House floor for a debate and the entire country will have an opportunity to demand their elected official in the House of Representatives take a stand against big ISP gatekeepers. Now is the time: let’s send a clear message to Congress that we can’t wait to bring back essential net neutrality protections. Tell your members of Congress to vote yes on H.R. 1644 and S. 682.</span></p>
<p class="take-action"><a href="https://act.eff.org/action/tell-congress-to-restore-full-net-neutrality-protections">Take Action</a></p>
<p class="take-explainer"><a href="https://act.eff.org/action/tell-congress-to-restore-full-net-neutrality-protections">Protect Net Neutrality</a></p>
</div></div></div>
[EFF] Victory for Users: WhatsApp Fixes Privacy Problem in Group Messaging
2019-04-03T22:23:27Z
Rebecca Jeschke
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Issue Was Targeted in EFF’s ‘Fix It Already!’ Campaign</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco - In a victory for users, WhatsApp has <a href="https://blog.whatsapp.com/10000661/New-Privacy-Settings-for-Groups">fixed a long-standing privacy problem</a> in group messaging, where users could be added to a group without their permission. The issue was one of the targets of “<a href="https://fixitalready.eff.org/">Fix It Already!</a>,” a campaign from the Electronic Frontier Foundation (EFF) demanding repair of privacy and security holes that disrespect user control and put us all at risk.</p>
<p>“Without this kind of control, an unwanted group invite would expose your phone number to all the members of a group and even have the potential to make you part of someone else’s disinformation campaign,” said EFF Associate Director of Research Gennie Gebhart.</p>
<p>Users of WhatApp could always leave a messaging group or block a messaging group after being added to them. But there was no way to control being added to the group in the first place. In changes announced in a <a href="https://blog.whatsapp.com/10000661/New-Privacy-Settings-for-Groups">blog post</a> today, WhatsApp announced that users can now go to their account settings and choose among three options for group messaging: “Nobody,” where no one can add you to a group automatically without your express consent; “My Contacts,” where only your contacts can add you without express consent; or “Everyone,” where no one needs your consent. These changes will be available to some users as soon as today, but will be available to everyone using the latest version of WhatsApp over the next several weeks.</p>
<p>EFF launched “<a href="https://fixitalready.eff.org/">Fix It Already!</a>” on February 28, targeting nine big privacy and security issues with major consumer technology products. The list takes <a href="https://fixitalready.eff.org/facebook">Facebook</a> to task for reusing customers’ phone numbers to advertising—even if the user only provided the number for security purposes. <a href="https://fixitalready.eff.org/android">Google</a> was called out for not letting Android phone users to deny and revoke network permissions for apps. <a href="https://fixitalready.eff.org/apple">Apple</a>, <a href="https://fixitalready.eff.org/twitter">Twitter</a>, <a href="https://fixitalready.eff.org/verizon">Verizon</a>, <a href="https://fixitalready.eff.org/win10">Microsoft</a>, <a href="https://fixitalready.eff.org/slack">Slack</a>, and <a href="https://fixitalready.eff.org/venmo/">Venmo</a> are also on EFF’s list.</p>
<p>“We’re happy to see WhatsApp addressing this problem, and would like to see other messaging apps follow suit,” said Gebhart. “Now it’s time for the eight other products and platforms we called out in Fix It Already! to catch up.”</p>
<p>For more on Fix It Already!<br /><a href="https://fixitalready.eff.org">https://fixitalready.eff.org</a></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact: </div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Gennie</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Gebhart</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Associate Director of Research</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:gennie@eff.org">gennie@eff.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile node--promoted view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Eva</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Galperin</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Director of Cybersecurity</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:eva@eff.org">eva@eff.org</a></div></div></div> </div>
</div>
</div></div></div>
[EFF] FIXED: WhatsApp Rolls Out Group Privacy Settings
2019-04-03T21:58:38Z
Gennie Gebhart
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Today, we’re happy to see WhatsApp <a href="https://blog.whatsapp.com/10000661/New-Privacy-Settings-for-Groups">fixing the long-standing group messaging problem</a> that we called on them to address: allowing users to decide who can add them to groups without their express consent. This puts users in a better position to control their WhatsApp chats and personal phone number privacy, and we’d like to see other messengers that offer groups follow suit.</span></p>
<p><span>Last month, we launched </span><a href="https://fixitalready.eff.org/"><span>Fix It Already</span></a><span>, </span><span>a new way to show companies we're serious about the attainable, high-impact privacy and security issues they need to fix. On social media, users are joining in to share why these issues are important to them with the hashtag “#FixItAlready”. WhatsApp is the first company to roll out a fix in response to our (and your!) demands.</span></p>
<p><span>In changes announced in a </span><a href="https://blog.whatsapp.com/10000661/New-Privacy-Settings-for-Groups"><span>blog post</span></a><span> today, WhatsApp announced that users can now go to their account settings and choose among three options for group messaging: “Nobody,” where no one can add you to a group automatically without your express consent; “My Contacts,” where only your contacts can add you without express consent; or “Everyone,” where no one needs your consent. These changes will be available to some users as soon as today, and will be available to everyone using the latest version of WhatsApp over the next several weeks.</span></p>
<p class="center-image"><i><span><img src="/files/styles/large/public/2019/04/03/groupsettings.png?itok=FR8i0nQZ" width="480" height="251" alt="" class="image-large" /><br /></span></i><em><span>To access these settings, use the three dots in the top right corner of WhatsApp to navigate to Settings > Account > Privacy > Groups. These changes will be available to some users as soon as today, and will be available to everyone using the latest version of WhatsApp over the next several weeks.</span></em></p>
<p><i><span></span></i><span>Users of WhatApp could always leave a messaging group or block a messaging group after being added. But there was no way to control being added to the group in the first place. Without a chance to decide whether or not you want to accept a group invitation, you could have your phone number exposed to all the members of a group, and you could even be linked to information and messages that you don’t support. At best, this takes the form of a well-meaning relative or friend adding you to a group that you then have to awkwardly leave or ignore. At worst, WhatsApp groups have been implicated in <a href="https://www.bbc.com/news/technology-45956557">invasive political campaign tactics</a> and even the spread of disinformation <a href="https://www.bbc.com/news/world-asia-india-44709103">leading to violence</a>.</span></p>
<p><span>The power to simply say “yes” or “no” when someone adds you to a group puts users back in control of their WhatsApp chats and personal phone number privacy from the start. </span></p>
<p><span>EFF applauds this change from WhatsApp. Now it’s time for the eight other products and platforms we called out in </span><a href="https://fixitalready.eff.org/"><span>Fix It Already</span></a><span> to catch up.</span></p>
</div></div></div>
[EFF] Your Fourth Amendment Rights Should Not be Limited by Terms of Service
2019-04-02T23:22:27Z
Jennifer Lynch
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Last week, we filed an <a href="https://www.eff.org/document/us-v-wilson-amicus-brief-terms-service-email-and-your-fourth-amendment-rights" target="_blank" rel="noopener noreferrer">amicus brief</a> in <em>U.S. v. Wilson</em>, a federal appellate case, in which we argued that email providers’ terms of service can’t limit your Fourth Amendment rights. This is the second brief we’ve filed in less than a year addressing this important point.</p>
<p>Email and other electronic communications can contain highly personal, intimate details of our lives. As <a href="https://www.eff.org/document/us-v-warshak-6th-circuit-court-appeals-2010">one court noted</a>, through emails, “[l]overs exchange sweet nothings, and businessmen swap ambitious plans, all with the click of a mouse button.” In an age where almost all of us now communicate via email, text, or some other messaging service, electronic communications are effectively no different from letters, which the Supreme Court held were protected by the Fourth Amendment way back in <a href="https://supreme.justia.com/cases/federal/us/96/727/case.html">1878</a>.</p>
<p>At this point, almost all courts that have squarely addressed the issue have held the Fourth Amendment protects electronic communications from warrantless searches—even if you store your email with a third party service provider. And last summer, all nine justices on the Supreme Court agreed with this premise in <em><a href="https://www.eff.org/deeplinks/2018/06/victory-supreme-court-says-fourth-amendment-applies-cell-phone-tracking">United States v. Carpenter</a></em>. However, in <em>Wilson</em>, the district court added a new wrinkle. It <a href="https://www.eff.org/document/us-v-wilson-district-court-order-motion-suppress">reasoned</a> that the Fourth Amendment no longer applies once an email user violates a provider’s terms of service (TOS).</p>
<h3><strong>Background on the Case</strong></h3>
<p>It may seem difficult to conceive how an agreement with your email provider to deliver and store your emails could eviscerate your Fourth Amendment rights. But that’s what the district court decided in <em>Wilson. </em></p>
<p>Google shut down Wilson’s email account after its automated anti-child pornography filters were triggered by four images attached to one of his emails. Following federal law, Google sent the images and information about Wilson’s account to the National Center for Missing and Exploited Children (NCMEC), which led to Wilson’s indictment on child pornography charges. When Wilson challenged the search, the district court opined that Google’s TOS—which notified Wilson that it could monitor his email and terminate his account for illegal conduct—nullified his Fourth Amendment rights once he sent the illegal images. Wilson appealed this order to the U.S. Court of Appeals for the Ninth Circuit.</p>
<p>The district court didn’t base its ultimate decision on its TOS analysis. Instead, it <a href="https://www.eff.org/document/us-v-wilson-district-court-order-motion-suppress">held</a> that because Google had already “searched” Wilson’s email before it turned the images over to NCMEC, any follow-on government searches that didn’t expand on Google’s initial search were exempt from Fourth Amendment protection (under the “<a href="https://www.washingtonpost.com/news/volokh-conspiracy/wp/2015/12/02/11th-circuit-deepens-the-circuit-split-on-applying-the-private-search-doctrine-to-computers/">private search doctrine</a>”).</p>
<p>However, we couldn’t let the district court’s dangerous analysis remain unchallenged, so we filed a <a href="https://www.eff.org/document/us-v-wilson-amicus-brief-terms-service-email-and-your-fourth-amendment-rights" target="_blank" rel="noopener noreferrer">brief</a> in the Ninth Circuit to educate the appellate court about the perils of its approach to analyzing TOS agreements.</p>
<h3><strong>The District Court’s Logic Doesn’t Make Sense</strong></h3>
<p>The district court’s analysis is simply wrong. Under its logic, your Fourth Amendment rights rise or fall based on unilateral contracts with your service providers—contracts that all of us must agree to so that we can use services that are a necessary part of daily life, but contracts that almost none of us even read. As we argued in our <a href="https://www.eff.org/document/us-v-wilson-amicus-brief-terms-service-email-and-your-fourth-amendment-rights" target="_blank" rel="noopener noreferrer">brief</a>, a company’s TOS should not dictate your constitutional rights, because terms of service are rules about the relationship between you and your email provider—not you and the government.</p>
<p>Companies draft terms of service to govern how their platforms may be used. <a href="https://policies.google.com/terms" target="_blank" rel="noopener noreferrer">Companies’ TOS</a> control what kind of content you can post, how you can use the platform, and how platforms can protect themselves against fraud.</p>
<p>The terms of these contracts are extremely broad. Actions that could cause a provider to terminate your account for TOS violations include not just criminal activity, such as distributing child pornography, but also—as defined solely by the provider—actions like sending an email containing a racial epithet, sharing a news article with your team at work without permission from the copyright holder, or marketing your small business to all of your friends without their advance consent. While some might find activities such as these objectionable or annoying, they shouldn’t justify the government ignoring your Fourth Amendment right to privacy over your emails.</p>
<p>Given the vast amount of storage many email providers offer, most of us now hold onto email for years. Accounts can hold tens of thousands of private, personal messages, photos, and videos—each of which could reveal intimate details about our private and professional lives. And, given the convenience offered by commercial third party email providers, very few of us take the trouble to set up a private server to send, receive, and maintain these emails. This means the only way most of us can use email at all is by agreeing to these third party providers’ terms of service.</p>
<p>Last summer, all nine justices on the Supreme Court agreed that even if we store electronic communications with a third party provider, we still have Fourth Amendment-protected privacy interests in those communications. These constitutional rights would be meaningless, however, if they could be ignored simply because a user agreed to a company’s TOS, and then somehow violated that TOS.</p>
<p>The trial court’s <a href="https://www.eff.org/document/us-v-wilson-district-court-order-motion-suppress">ruling</a> in <em>Wilson </em>allows private agreements to trump bedrock Fourth Amendment protections for private communications. The ruling affects far more than child pornography cases: anyone whose account was shut down for <em>any</em> violation of a TOS could lose Fourth Amendment protections over <em>all</em> the emails in their account.</p>
<p>The Ninth Circuit should reject such a sweeping invalidation of constitutional rights. We look forward to the court’s eventual decision, and will continue in the meantime to defend the important <em>Carpenter</em> decision, while working to extend its core holding to other contexts.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/warshak-v-usa">Warshak v. USA</a></div><div class="field__item odd"><a href="/cases/warshak-v-united-sta">Warshak v. United States</a></div><div class="field__item even"><a href="/cases/carpenter-v-united-states">Carpenter v. United States</a></div></div></div>
[EFF] Mark Zuckerberg Does Not Speak for the Internet
2019-04-01T23:45:56Z
Corynne McSherry
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>This past weekend, Facebook CEO Mark Zuckerberg took to the pages of the Washington Post to <a href="https://www.washingtonpost.com/opinions/mark-zuckerberg-the-internet-needs-new-rules-lets-start-in-these-four-areas/2019/03/29/9e6f0504-521a-11e9-a3f7-78b7525a8d5f_story.html?utm_term=.6e19aa35722b">ask governments and regulators to play a more active role</a> in policing the Internet, and to offer some ideas for how they should do so. As the <a href="https://www.nytimes.com/2019/03/30/technology/mark-zuckerberg-facebook-regulation-explained.html">New York Times noted</a>, Zuckerberg’s comments were doubtless intended to stave off ideas Facebook would like even less—but that doesn’t make them good ones.</p>
<p>Here we look at two of Zuckerberg’s ideas for “standardized” or “global” rules for the entire Internet: platform censorship, and data privacy laws.</p>
<h3><strong>Calling in the Speech Police</strong></h3>
<p>Let’s start with his first idea: a “standardized approach” to “harmful content” online, whereby third-party bodies – let’s call them speech police—decide what content is OK and what is not, and companies are required to “build systems” to shut down as much of the latter category as possible. Facebook is already inviting government regulators to help it do so on its own platform—and apparently thinks everyone else should do the same.</p>
<p>There are at least four fundamental problems with this idea.</p>
<p><em>First</em>, it is extremely difficult to define “harmful content,” much less implement standards consistently and fairly for billions of users, across the entire spectrum of contemporary thought and belief. Mark Zuckerberg's own company's efforts to do so show how fraught that is.</p>
<p>All of the major platforms already <a href="https://www.eff.org/deeplinks/2018/01/private-censorship-not-best-way-fight-hate-or-defend-democracy-here-are-some ">set forth rules</a> for their users. They tend to be complex, covering everything from terrorism and hate speech to copyright and impersonation. Most platforms use a version of community reporting. Violations of these rules can prompt takedowns and account suspensions or closures. And we have well over a decade of evidence about how these rules are used and misused.</p>
<p class="pull-quote">If governments and regulators want to explore new rules for the Internet, Mark Zuckerberg is the last person they should ask for advice.</p>
<p>We’ve seen prohibitions on hate speech used to <a href="https://medium.com/@IjeomaOluo/facebooks-complicity-in-the-silencing-of-black-women-e60c34434181">shut down conversations</a> among <a href="https://www.washingtonpost.com/business/economy/for-facebook-erasing-hate-speech-proves-a-daunting-challenge/2017/07/31/922d9bc6-6e3b-11e7-9c15-177740635e83_story.html">women of color</a> about the <a href="https://www.eff.org/deeplinks/2015/01/facing-challenge-online-harassment">harassment</a> they receive online; rules against harassment employed to shut down the account of a <a href="https://www.theguardian.com/media/2017/dec/18/twitter-faces-backlash-after-suspending-egyptian-journalist-wael-abbas">prominent Egyptian anti-torture activist</a>; and a ban on nudity used to <a href="http://www.scarymommy.com/moms-birth-photo-removed-from-facebook-for-violating-standards-of-nudity/">censor women</a> who share childbirth images in private groups. Museums have had <a href="https://www.thedailybeast.com/facebooks-most-famous-banned-images">works of art</a> taken down for “suggestive content.” And we've seen <a href="https://www.eff.org/takedowns">false copyright and trademark allegations</a> used to take down all kinds of lawful content, including time-sensitive political speech.</p>
<p>Platform censorship has included images and videos that document atrocities and make us aware of the world outside of our own communities. Regulations on violent content have <a href="https://www.reuters.com/article/egypt-youtube/youtube-stops-account-of-egypt-anti-torture-activist-idUSL2759043020071127">disappeared</a> <a href="https://motherboard.vice.com/en_us/article/8q85jb/philando-castile-facebook-live">documentation</a> of police brutality, the <a href="https://www.nytimes.com/2017/08/22/world/middleeast/syria-youtube-videos-isis.html">Syrian war</a>, and the human rights abuses <a href="https://www.theguardian.com/technology/2017/sep/20/facebook-rohingya-muslims-myanmar">suffered by the Rohingya</a>. A blanket ban on nudity has repeatedly been used to <a href="https://www.theguardian.com/technology/2016/sep/09/facebook-deletes-norway-pms-post-napalm-girl-post-row">take down a famous Vietnam war photo</a>.</p>
<p>If individual companies, some with massive resources, <a href="https://www.vanityfair.com/news/2019/02/men-are-scum-inside-facebook-war-on-hate-speech">can’t get this right</a>, we have no reason to imagine that an independent body will do much better.</p>
<p><em>Second</em>, as the above would suggest, requiring companies to build systems to take down only “harmful content” is a dangerous exercise in magical thinking. No algorithm and group of moderators can perfectly differentiate between speech that should be protected and speech that should be erased, not least because a great deal of problematic content sits in the ambiguous territory between disagreeable political speech and abuse, or between fabricated propaganda and legitimate opinion, or between things that are legal in some jurisdictions and not others. Or they’re simply things some users want to read and others don’t.</p>
<p><em>Third</em>, while the free and open Internet has never been fully free or open, at root, the Internet still represents and embodies an extraordinary idea: that anyone with a computing device can connect with the world, anonymously or not, to tell their story, organize, educate, and learn. Moderated forums can be valuable to many people, but there must also be a place on the Internet for unmoderated communications, where content is controlled neither by the government nor a large corporation. Mandating a standardized approach across all sharing services would eliminate that possibility—and with it a core promise of the Internet.</p>
<p><em>Last but not least,</em> as Zuckerberg should know given the phalanx of smart lawyers he employs, regulations along the lines he suggests would violate the First Amendment in the U.S. They could also run afoul of an existing international standard for freedom of expression: Article 19 of the International Declaration of Human Rights. Article 19 states that “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.” Internationally imposed “harmful content” standards, however well-intentioned, will inevitably shut down the sharing of a wide range of opinion and information.</p>
<p>That's why the United Nations Special Rapporteur on freedom of expression <a href="https://freedex.org/a-human-rights-approach-to-platform-content-regulation/">reminded governments last year</a> that they should "only seek to restrict content pursuant to an order by an independent and impartial judicial authority, and in accordance with due process and standards of legality, necessity and legitimacy." Zuckerberg's idea of cozy agreement between multiple governments and the giant platforms does not reach that standard.</p>
<h3><strong>States, Zuckerberg is Coming for Your Data Privacy Laws</strong></h3>
<p>Zuckerberg also calls for a “common global framework” for data privacy laws, “rather than regulation that varies significantly by country and state.” There are many benefits to having a uniform standard, rather than forcing companies to comply with numerous different state and federal laws. However, we’re not sure that’s all Zuckerberg is saying here: In the U.S., for example, it’s very much in Facebook’s interest to push for a federal data privacy law that would preempt <em>stronger</em>, existing state laws.</p>
<p>In the U.S., for example, current state laws across the country have <a href="https://twitter.com/EFF/status/1042082282314457089">already created strong protections</a> for user privacy. Three particularly strong examples are California's <a href="https://www.eff.org/deeplinks/2018/08/how-improve-california-consumer-privacy-act-2018">Consumer Privacy Act</a>, Illinois' <a href="https://www.eff.org/deeplinks/2018/04/new-attack-illinois-biometric-privacy-act">Biometric Privacy Act</a>, and Vermont's <a href="https://techcrunch.com/2018/05/27/vermont-passes-first-first-law-to-crack-down-on-data-brokers/">Data Broker Act</a>. If Congress enacts weaker federal data privacy legislation that preempts such stronger state laws, the result will be a <a href="https://www.eff.org/deeplinks/2018/09/eff-opposes-federal-preemption-state-privacy-laws">massive step backward for user privacy</a>.</p>
<p>And Zuckerberg’s point here isn’t just about privacy; it’s also about competition. Facebook was able to achieve its current size thanks in part to a lack of data privacy laws in its early days. Imposing a one-size-fits-all standard on companies and organizations of different sizes, with different resources, in different places would put would-be competitors at a disadvantage that Facebook never had to overcome. Unsurprisingly, Zuckerberg's vision for Internet regulation prioritizes Facebook's business interests above those of its potential competitors.</p>
<p>If governments and regulators want to explore new rules for the Internet, Mark Zuckerberg is the last person they should ask for advice. Instead, they should talk to users, small innovators and platforms, engineers (including the people who built the Internet), civil society, educators, activists, and journalists – all of whom depend on robust protections for both privacy and the freedom to express and communicate without running through a gauntlet of gatekeepers.</p>
</div></div></div>
[EFF] Faulty Court Ruling That Threatens to Gut Groundbreaking Privacy Statute CalECPA Must Be Reversed
2019-04-01T20:56:36Z
Karen Gullo
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF and the ACLU of Northern California <a href="https://www.eff.org/document/eff-klugman-amicus-brief">urged</a> a California appeals court last week to reverse a judge’s wrongheaded and dangerous ruling that threatens the critical privacy protections afforded by the California Electronic Communications Privacy Act (CalECPA), the <a href="https://www.eff.org/deeplinks/2015/10/california-leads-way-digital-privacy">most robust</a> digital privacy measure in the country.<br /><br />The <a href="https://www.eff.org/deeplinks/2015/10/victory-california-gov-brown-signs-calecpa-requiring-police-get-warrant-accessing">law</a>, which garnered bipartisan support, requires police to obtain a warrant from a neutral judge to search stored communications such as email, text messages, location data, or documents, whether they are on an electronic device or in the cloud. Warrants must describe <em>in detail</em> the information to be seized, specifying time periods for the search, target individuals or accounts, and the type of information sought. Anything collected that’s not relevant to what’s described in the warrant can’t be reviewed, used, or disclosed, and must be sealed. These requirements are more specific and extensive than what's currently required by the Fourth Amendment. California law enforcement agencies said CalECPA struck the <a href="https://www.eff.org/document/california-state-sheriffs-association-remove-opposition-sb-178-calecpa">correct balance</a> between their need to obtain electronic communication to investigate criminal activities and the privacy interests people have over their email, texts, documents, and other digital communications. <br /><br />Violations of CalECPA carry appropriately severe consequences for law enforcement: suppression and deletion of information obtained without a warrant as provided by the law. Prosecutors who collect electronic communications stored on a laptop or in the cloud absent a warrant that meets the requirements of CalECPA lose the ability to use information as evidence.<br /><br />The message of the suppression of evidence provision of CalECPA is clear: you abuse it, and you lose it.<br /><br />A few weeks after CalECPA went into effect, a Monterey County Superior Court judge issued a search warrant that authorized an effectively unlimited search, seizure, and extraction of electronic devices and information from a dentist’s office. In violation of CalECPA, the warrant authorized seizure of any and all computers, cellphones, and electronic accounts without limitation or specifying that they be possessed by the person who was under investigation. This is precisely what CalECPA was designed to prevent. The dentist was later charged with possession of child pornography based on evidence gathered under the faulty warrant.<br /><br />When the defendant’s attorneys sought to have the evidence thrown out because the warrant violated the statute, the Monterey County judge agreed that CalECPA had not been complied with, but refused to do so. The judge concluded that CalECPA’s requirements were no stricter than those found under the U.S. and state constitutions (not true), and even if the warrant failed to meet the requirements, suppression of the evidence was not appropriate.<br /><br />Our <a href="https://www.eff.org/document/eff-klugman-amicus-brief">brief</a> lays out in detail how wrong the judge got it. The ruling was a dramatic error that, if upheld, would eviscerate CalECPA’s privacy protections, and set a dangerous precedent allowing prosecutors to attempt to skirt CalECPA’s requirements. The statute’s robust enforcement provisions and remedies would be rendered toothless. <br /><br />Courts are required to follow the law—new laws, old laws, it doesn’t matter. This court’s erroneous ruling must be reversed to protect the privacy rights of all Californians.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/californias-electronic-communications-privacy-act-calecpa">California's Electronic Communications Privacy Act (CalECPA) - SB 178</a></div></div></div>
[EFF] Don’t Buy California’s Callous Attempt to Ignore People’s DNA Privacy Rights, EFF Tells Court
2019-03-29T23:00:46Z
Karen Gullo
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Analyzing and indefinitely keeping the DNA profiles of thousands of Californians arrested for felonies, but never charged with a crime, is not just an ominously overbroad practice by law enforcement—it’s an invasion of privacy that violates the state’s constitution. Last year EFF and our co-counsel Michael Risher filed a <a href="https://www.eff.org/cases/center-genetics-and-society-v-becerra">lawsuit</a> against California challenging its DNA retention and search practices on behalf of the <a href="https://www.geneticsandsociety.org/">Center for Genetics and Society</a>, the <a href="https://equaljusticesociety.org/">Equal Justice Society</a>, and an individual plaintiff, writer and editor <a href="https://www.geneticsandsociety.org/user/32">Pete Shanks</a>.<br /><br />Attorneys for the state responded to <a href="https://www.eff.org/press/releases/social-justice-organizations-challenge-retention-dna-collected-hundreds-thousands">the case</a> by telling a judge there’s no basis for it, no law is being broken, and it should be dismissed. This is simply wrong. We <a href="https://www.eff.org/document/cgs-opposition-demurrer">asked the judge this week</a> to reject the state’s callous indifference to the privacy rights of Californians and its attempt to sweep its conduct under the rug.<br /><br /><a href="https://www.eff.org/cases/dna-collection">DNA</a> can reveal a vast array of highly private information, including family relationships, ethnicity, physical characteristics, illnesses, and genetic traits. People have a right to expect that this information will remain private and out of the hands of law enforcement. Yet, a person arrested for a felony in California must submit to the collection of their DNA, which is then sent to a state lab for analysis and generation of the individual’s genetic profile—whether they were released without charge, or the charges were dismissed.<br /><br />Once the profile is created, the state puts it into a California DNA database and automatically shares it with law enforcement agencies all over the country through an <a href="https://www.fbi.gov/services/laboratory/biometric-analysis/codis">FBI-managed DNA database</a>. It stays in the national database indefinitely and is regularly accessed and searched by thousands of other agencies.<br /><br />More than one-third of all those arrested in California in 2017 were released and never charged, had their charges dismissed, or were acquitted. But their DNA profile is likely still in the national law enforcement database being accessed by police all over the country. And most probably don’t even know it. Police are not required to tell arrestees that their DNA is being shared nationally, nor are they required to disclose to arrestees that if they are never charged or are acquitted, they can request that their DNA profile be expunged.<br /><br />People who find out they can apply to remove their DNA profile face a long, multi-step process with built-in delays. Some are required to get a letter from the prosecutor who attempted to charge them—but the prosecutor isn’t required to provide it.<br /><br />These Orwellian practices must end. There’s simply no legitimate governmental purpose for keeping and continually searching the DNA profiles of people who are not convicted of any felony crime. We told the court that it must stop law enforcement from violating people’s right to privacy over their own biometric data. Arrestees who are cleared shouldn’t be marked for the rest of their lives with their genetic information being made available for any law enforcement agency to examine. They have the same privacy rights and protections as every Californian.<br /><br />The state’s constitution doesn’t allow taking a DNA sample collected as part of the booking practice for jail security, and repurposing it for use in general criminal fishing expeditions to connect arrestees who are never charged with unrelated, unknown crimes. We’re looking forward to our clients’ day in court.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/center-genetics-and-society-v-becerra">Center for Genetics and Society v. Becerra</a></div></div></div>
[EFF] California’s Legislature Is Contemplating Abandoning Oversight Over Broadband Monopolies Just Like the FCC
2019-03-29T18:46:12Z
Ernesto Falcon
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><strong></strong>At a time when we are fighting to keep the future of broadband access from <a href="https://www.eff.org/deeplinks/2018/12/new-fcc-data-indicates-future-broadband-access-most-americans-will-be-monopoly">reverting back towards a monopoly</a>, it seems implausible that a legislator would suggest their state should follow the Federal Communications Commission’s lead to abandon oversight over a highly concentrated, uncompetitive market. But <a href="https://a80.asmdc.org/">Assemblymember Lorena Gonzalez</a> wants to take that exact approach. </p>
<p>The recently introduced <a href="https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB1366">A.B. 1366</a> mirrors the FCC’s abandonment of consumers with one exception—California fought to establish <a href="https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB822">its own net neutrality rules</a> under S.B. 822 passed last year. Apart from that, A.B. 1366 removes any semblance of the state promoting competition for broadband access through its state regulator, the California Public Utility Commission (the state version of an FCC). Instead, it appears to just hope that our cable monopolies will be benevolent.</p>
<h3> <strong>We Need to Promote Competition and Access To Keep Up With the Rest of the World</strong></h3>
<p>That’s the exact opposite of what our elected leaders in California, and the rest of the country, need to propose. <a href="https://www.eff.org/deeplinks/2019/03/us-desperately-needs-fiber-all-plan">We need a plan to boost competition for high-speed broadband</a><span>,</span> as the current “no plan” approach by the FCC is setting us up for failure. The legislature, along with the governor and the CPUC, should be working hard to understand why most people are stuck with either a cable monopoly—or no access at all—and working to resolve those barriers. A.B. 1366 would instead wash the state’s hands of trying to promote competition under the premise that monopolists have the best interest of consumers in mind.</p>
<p>Abandoning oversight and letting this market revert to monopolies removes any incentive for those companies to invest in improvements and new deployments. In doing so, this bill essentially promotes the theory that we do not need a plan to ensure universally available, affordable, and high-speed networks. That kind of thinking sets us back. No other country ahead of the United States on broadband access has adopted that theory. Instead, their governments aggressively supported competition by addressing monopoly choke points and other barriers to entry.</p>
<p>Both the EU and China are expected to vastly outpace the United States on gigabit fiber connections. In the EU’s case, they adopted a <a href="https://ec.europa.eu/digital-single-market/en/policies/improving-connectivity-and-access">series of policy plans to promote gigabit fiber as far back as 2016</a> (the same time we began abandoning oversight) and that has helped launch the <a href="http://www.broadbandworldnews.com/document.asp?doc_id=744822">open access fiber industry</a>, which holds real promise to <a href="https://www.diffractionanalysis.com/services/white-papers/2016/06/structural-remedies-solve-rural-broadband-issue">connect rural people to fiber to the home</a>. South Korea had adopted several national plans to deploy fiber gigabit connections <a href="https://www.publicknowledge.org/news-blog/blogs/why-does-south-korea-have-faster-internet-for-a-cheaper-price-tag">starting as far back as three decades</a> in order to achieve the broadband networks they have now. China is expected to <a href="https://www.wired.com/story/china-will-likely-corner-5g-market-us-no-plan/">connect 80 percent of their households to gigabit fiber</a> in just a few years–more than 5 times the United States, under our current no-plan approach.</p>
<h3><strong>Tired of Your Broadband Monopoly? Tell Your California Lawmakers to Oppose A.B. 1366</strong></h3>
<p>It is unfortunate we have to spend effort to prevent the California legislature from making our broadband market measurably worse with A.B. 1366. We need to make it clear that Californians want their legislature to promote competition and access— not abandon them to their broadband monopoly. Let’s start talking.</p>
<p class="take-action"><a href="https://action.eff.org/o/9042/p/dia/action4/common/public/?action_KEY=10918">Take Action</a></p>
<p class="take-explainer"><a href="https://action.eff.org/o/9042/p/dia/action4/common/public/?action_KEY=10918">Contact Your Legislators</a></p>
</div></div></div>
[EFF] Don't Repeat FOSTA's Mistakes
2019-03-29T16:03:38Z
Jason Kelley
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Some of the most fruitful conversations we can have are about nuanced, sensitive, and political topics, and no matter who or where we are, the Internet has given us the space to do that. Across the world, an unrestricted Internet connection allows us to gather in online communities to talk about everything from the mundane to the most important and controversial, and together, to confront and consider our societies' pressing problems. But a </span><a href="https://www.reuters.com/article/us-usa-tech-congress/u-s-lawmaker-says-tech-companies-must-quickly-remove-violent-content-after-new-zealand-idUSKCN1R02NL"><span>growing</span></a> <a href="https://www.bloomberg.com/news/articles/2018-05-10/terrorists-creep-onto-facebook-as-fast-as-it-can-shut-them-down"><span>chorus</span></a><span> of U.S. politicians is considering dangerous new policies that would limit our ability to have those complex conversations online. </span></p>
<p><span>The Chair of the U.S. House Homeland Security Committee, Bennie Thompson, is urging tech companies to prioritize the removal of “sensitive, violent content” from their online platforms. But </span><a href="https://www.eff.org/deeplinks/2019/03/ourt-thoughts-new-zealand-massacre"><span>as we were worried might happen</span></a><span>, the Chair didn’t stop there—he’s also threatening new legislation if the companies don’t move quickly. </span></p>
<p><span>In </span><a href="https://homeland.house.gov/news/press-releases/chairman-thompson-tech-companies-must-work-stop-spread-terrorist-content"><span>a letter written shortly after</span></a><span> the heartbreaking shooting in New Zealand, which the shooter had livestreamed on multiple platforms, Rep. Thompson told Google, Facebook, Microsoft, and Twitter that if they don’t act, “Congress must consider policies to ensure that terrorist content is not distributed on your platforms, including by studying the examples being set by other countries." Calling for more aggressive moderation policies in the face of horrifying crimes is understandable, particularly when the major online platforms have failed to address how they can be exploited by individuals who broadcast or amplify hate and violence to unsuspecting users. Some might even argue that more aggressive moderation is a lamentable but needed shift in the online landscape. </span></p>
<p><span>But the desire to hold platforms legally accountable for the content that users post often backfires, expanding to silence legitimate voices, especially those that have long sought to overcome marginalization. These policies reward platforms for their censorship rather than for their ability to determine bad speech from good, or for meaningfully updating their business models to address how they’re feeding into this behavior. This is not to mention how the high technical bar required to implement the policies reinforces the dominance of the major platforms, which have the resources to comply with the new regulation, while new, innovative competitors do not. And if those policies are enacted into law—as has happened in other countries—the results are magnified, as platforms move to censor normal, everyday speech to protect themselves from liability. </span></p>
<h3><b>FOSTA Provides Clear Evidence Of How These Regulations Fail</b></h3>
<p><b></b></p>
<p><span>Congress doesn’t need to look at other countries for examples of how these sorts of policies might play out. Less than a year ago, </span><a href="https://www.eff.org/deeplinks/2018/12/congress-censors-internet-eff-continues-fight-fosta-2018-review"><span>it passed FOSTA</span></a><span>, </span><span>ostensibly to fight sex trafficking. Digital rights advocates, including EFF, fought against FOSTA in Congress because they feared its passage would threaten free expression online by criminalizing large portions of online speech and targeting sex workers and their allies. Groups that work closely with sex workers and sex trafficking victims </span><a href="https://www.eff.org/deeplinks/2017/10/sex-trafficking-experts-say-sesta-wrong-solution"><span>warned Congress</span></a><span> that the bill could put both consensual sex workers and sexual trafficking victims in even more danger. Horribly, these warnings appear </span><a href="https://www.dailydot.com/irl/increase-sex-trafficking-sesta-fosta/"><span>to have come true</span></a><span>, as sex workers have reported </span><a href="https://www.huffpost.com/entry/sex-workers-sesta-fosta_n_5ad0d7d0e4b0edca2cb964d9"><span>being subject to violence</span></a><span> while also being shut out of online platforms that they relied on to obtain health and safety resources, build communities, and advocate for their human rights. </span></p>
<p><span>FOSTA sent a wider shock wave through cyberspace, resulting in takedowns of content and censorship that many wouldn’t expect to result from such a law. Although a wide range of plaintiffs </span><a href="https://www.eff.org/deeplinks/2019/02/fosta-already-leading-censorship-we-are-seeking-reinstatement-our-lawsuit"><span>are fighting the bill</span></a><span> in court, some of the damage is already done. Some websites made changes explicitly as a result: Craigslist, for example, shut down its entire personals section, </span><a href="https://www.craigslist.org/about/FOSTA"><span>citing the risk the law created for them</span></a><span>. Other small, community-based platforms </span><a href="https://motherboard.vice.com/en_us/article/8xk8m4/furry-dating-site-pounced-is-down-fosta-sesta"><span>shut down</span></a><span> entirely rather than deal with FOSTA’s crippling criminal and civil liability. And although we cannot be certain that online platforms such as Tumblr and Facebook’s recent policy changes were the direct result of the law, they certainly appear to be. Tumblr </span><a href="https://www.eff.org/deeplinks/2018/12/dear-tumblr-banning-adult-content-wont-make-your-site-better-it-will-harm-sex"><span>banned all sexual content</span></a><span>; Facebook created a new “sexual solicitation” policy that <a href="https://www.eff.org/deeplinks/2018/12/facebooks-sexual-solicitation-policy-honeypot-trolls">makes discussion of consensual, adult sex </a></span><a href="https://www.eff.org/deeplinks/2018/12/facebooks-sexual-solicitation-policy-honeypot-trolls"><span>taboo</span></a><span>. </span></p>
<p><span>Regardless of a direct link to FOSTA, however, it’s readily apparent that digital rights advocates’ worst fears are coming true: when platforms face immense liability for hosting certain types of user speech, they are so cautious that they over-correct and ban a vast range of discussions about sex, sexuality, and other important topics, because they need to stay far clear of content that might lead to legal liability. Given the incredible chilling effect that FOSTA has had on the Internet and the community of sex workers and their allies who relied on online platforms, Internet users need to ensure that Congress knows the damage any law aimed at shifting liability for “terrorist” content to platforms would cause.</span></p>
<p><span>A bill that makes platforms legally responsible for “terrorist content”—even one that seems like it would only impact a small range of speech—would force platforms to over-censor, and could affect a range of people, from activists discussing strategies and journalists discussing newsworthy events to individuals simply voicing their opinions about </span><span>the real and terrible things that happen in our world. Banishing topics from the Internet stunts our ability to grow and solve issues that are real and worthy of our full attention.</span> <span>These types of regulations would not just limit the conversation—they would prevent us from engaging with the world's difficulties and tragedies. Just as an automated filter is not able to determine the nuanced difference between </span><a href="https://www.eff.org/deeplinks/2018/12/facebooks-sexual-solicitation-policy-honeypot-trolls"><span>actual online sex trafficking and a </span><i><span>discussion about</span></i><span> sex trafficking</span></a><span>, requiring platforms to determine whether or not a discussion of terrorist content is the same as terrorist content—or face severe liability—would inevitably lead to an over-reliance on filters that silence the wrong people, and as with FOSTA, would likely </span><a href="https://www.eff.org/deeplinks/2018/02/fosta-would-be-disaster-online-communities"><span>harm those</span></a><span> who are affected by terrorist acts the most.</span></p>
<p><span>Online platforms have the right to set their own policies, and to remove content that violates their community standards. Facebook, for example, has made clear that it will take down </span><a href="https://newsroom.fb.com/news/2019/03/technical-update-on-new-zealand/"><span>even segments of the horrendous video</span></a><span> that are shared as part of a news report, or posts in which users “actually intended to highlight and denounce the violence.” It’s also updated its policy on removing content that </span><a href="https://www.washingtonpost.com/technology/2019/03/27/facebook-says-it-will-now-block-white-nationalist-white-separatist-posts"><span>refers to white nationalism and white separatism</span></a><span>. But formally</span> <i><span>criminalizing </span></i><span>the online publication of even a narrow definition of “terrorist content” essentially forces platforms to shift the balance in one direction, resulting in them heavily policing user content or barring certain topics from being discussed at all—and potentially silencing journalists, researchers, advocates, and other important voices in the process.</span></p>
<p><span>Remember: without careful—and expensive—scrutiny from moderators, platforms can’t tell the difference between </span><a href="https://www.buzzfeed.com/katienotopoulos/how-trolls-locked-my-twitter-account-for-10-days-and-welp"><span>hyperbole and hate speech</span></a><span>, </span><a href="https://www.eff.org/deeplinks/2018/04/despite-what-zuckerbergs-testimony-may-imply-ai-cannot-save-us"><span>sarcasm and serious discussion</span></a><span>, or </span><a href="https://www.theguardian.com/technology/2016/sep/12/facebook-blocks-shaun-king-black-lives-matter"><span>pointing out violence versus inciting it</span></a><span>. As we’ve seen across the globe, users who engage in counter-speech against terrorism often find themselves on the <a href="https://twitter.com/BennettCartoons/status/1111293407509516289">wrong side of the rules</a>. Facebook has </span><a href="http://fortune.com/2016/09/28/facebook-censorship-palestinian/"><span>deactivated the personal accounts of Palestinian journalists</span></a><span>, </span><a href="https://www.theguardian.com/technology/2017/jun/06/facebook-chechnya-political-activist-page-deleted"><span>Chechen independence activists</span></a><span>, and even a journalist from the United Arab Emirates who </span><a href="https://www.eff.org/deeplinks/2017/07/industry-efforts-censor-pro-terrorism-online-content-pose-risks-free-speech"><span>posted a photograph</span></a><span> of Hezbollah leader Hassan Nasrallah with a LGBTQ pride flag overlaid on it—a clear case of parody counter-speech that Facebook’s filters and content moderators failed to grasp. </span></p>
<h3><br /><b>Creating Liability for Violent Content Would Be Unconstitutional</b></h3>
<p><b></b></p>
<p><span>Assuming members of Congress make good on their promise to impose legal liability on platforms that host “sensitive, violent content,” it would be plainly unconstitutional. The First Amendment sharply limits the government’s ability to punish or prohibit speech based on its content, especially when the regulation targets an undefined and amorphous category of “sensitive, violent content.” Put simply: there isn’t an exception to the First Amendment for that category of content, much less one for extremist or terrorist content, even though the public and members of Congress may believe such speech has little social value or that its dissemination may be harmful. As the Supreme Court </span><a href="https://supreme.justia.com/cases/federal/us/559/460/"><span>has recognized</span></a><span>, the “guarantee of free speech does not extend only to categories of speech that survive an ad hoc balancing of relative social costs and benefits.” Yet this is precisely what Chairman Thompson purports to do.</span></p>
<p><span>Moreover, although certain types of violent speech may be unprotected by the First Amendment, such as true threats and speech directly inciting imminent lawless activities, the vast majority of the speech Chairman Thompson objects to is fully protected. And even if online platforms hosted unprotected speech such as direct incitement of violent acts, the First Amendment <a href="https://scholar.google.com/scholar_case?case=7844372980201599517&hl=en&as_sdt=6&as_vis=1&oi=scholarr">would bar</a> imposing liability on the platforms unless they intended to encourage the violent acts and provided specific direction to commit them.</span></p>
<p><span>The First Amendment also protects the public’s ability to listen to or otherwise access others’ speech, because the ability to receive that information is often the first step before exercising one’s own free speech. Because platforms will likely react to the threat of legal liability by simply not publishing any speech about terrorism—not merely speech directly inciting imminent terrorist attacks or expressing true threats, for example—this would deprive platform users of their ability to decide for themselves whether to receive speech on certain content. This runs directly counter to the First Amendment, and imposing liability on platforms for hosting “sensitive, violent content” would also violate Internet users’ First Amendment rights. </span></p>
<h3><b>Around the World, Laws Aimed At Curbing Extremist Speech Do More Harm Than Good</b></h3>
<p><b></b></p>
<p><span>If Congress truly wants to look to other countries as an example of how policy may be enacted, it should also look at whether or not that country’s policy has been successful. By and large, requiring platforms to limit speech through similar regulations has failed much like FOSTA. </span></p>
<p><span>In France, an anti-terrorism law passed after the Charlie Hebdo shooting “leaves too much room for interpretation and could be used to censor a wider range of content, including news sites,” according to the </span><a href="https://cpj.org/blog/2015/03/in-blocking-websites-france-abandons-role-as-guard.php"><span>Committee to Protect Journalists</span></a><span>. Germany’s NetzDG, which requires companies to respond to reports of illegal speech within 24 hours, has </span><a href="https://www.techdirt.com/articles/20180217/19141939260/germanys-speech-laws-continue-to-be-raging-dumpster-fire-censorial-stupidity.shtml"><span>resulted in the removal of lawful speech</span></a><span>. And when democratic countries enact such regulations, more authoritarian governments are often inspired to do the same. For example, cybercrime laws implemented </span><a href="https://www.eff.org/pages/crime-speech-how-arab-governments-use-law-silence-expression-online"><span>throughout the Middle East and North Africa</span></a><span> often contain anti-terrorism provisions that have enabled governments to silence their critics.</span></p>
<p><span>The EU’s </span><a href="https://www.eff.org/deeplinks/2019/02/eus-proposal-curb-dissemination-terrorist-content-will-have-chilling-effect-speech"><span>recently proposed regulation</span></a><span>—which would require companies to take down “terrorist content” within one hour—might sound politically popular, but would be poisonous to online speech. Along </span><a href="https://blog.witness.org/2019/01/witness-brings-together-voices-push-back-dangerous-dissemination-terrorist-content-proposal-civil-society-letter/"><span>with dozens</span></a><span> of </span><a href="https://cdt.org/?p=82654"><span>other organizations</span></a><span>, we’ve asked that MEPs consider the serious consequences that the passing of this regulation could have on human rights defenders and on freedom of expression. Asking companies to remove content within an hour of its being posted essentially forces them to bypass due process and implement filters that censor first and ask questions later. </span></p>
<p><span>If anyone should think that our government would somehow overcome the tendency to abuse these sorts of regulations, take note: Just this month, the Center for Media Justice and the ACLU </span><a href="https://www.aclu.org/blog/racial-justice/race-and-criminal-justice/fbi-wont-hand-over-its-surveillance-records-black"><span>sued the FBI</span></a><span> for refusing to hand over documents related to its surveilling of “Black Identity Extremists,” a “new domestic terror threat,” that, for all intents and purposes, it seems to have made up. Government agencies have </span><a href="https://www.eff.org/deeplinks/2019/02/watching-black-body"><span>a history</span></a><span> of </span><a href="https://www.eff.org/deeplinks/2018/08/eff-amicus-brief-privacy-act-requires-fbi-delete-files-its-internet-speech"><span>defining threats</span></a> <a href="https://www.eff.org/deeplinks/2017/11/term-homegrown-violent-extremist-needs-transparency"><span>without offering transparency</span></a><span> about how they determine those definitions, giving them the ability to determine who to surveil with impunity. We should not give them the ability to decide who to censor on online platforms as well. While allowing Internet companies to self-moderate may not be a perfect solution, the government should be extremely careful considering any new regulations that would limit speech—or else it will be wading into ineffective, dangerous, and unconstitutional, territory. </span></p>
</div></div></div>
[EFF] Court Denies EFF Effort to Obtain Classified Significant Surveillance Court Opinions
2019-03-28T18:32:14Z
Aaron Mackey
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>A federal court’s <a href="https://www.eff.org/document/opinion-eff-v-doj-significant-fisc-opinions-foia">ruling</a> earlier this week has blunted a key provision of the surveillance reform law that required the government to be more transparent about legal decisions made by the United States secret surveillance court.</p>
<p>After Edward Snowden revealed the government’s ongoing mass collection of Americans’ telephone phone records in 2013, Congress responded by passing the USA Freedom Act in 2015. In addition to limiting the NSA’s surveillance authority, Congress also clearly intended to end the Foreign Intelligence Surveillance Court’s (FISC) ability to keep the decisions it made behind closed doors secret.</p>
<p>Since its inception in the 1970s, the government has asked the FISC to decide what constitutional or other legal protections, if any, Americans and others enjoy while seeking approval of the government’s secret mass surveillance programs. Though we were not happy with many aspects of the final USA Freedom language, EFF was pleased that the final language did require that the government review and declassify “each decision, order, or opinion” that contained significant interpretations of the Constitution or other laws and to make them “publicly available to the greatest extent practicable.” We believe this language, along with statements from Members of Congress during the debate, clearly require the FISC to release decisions both from before 2015 as well as after.</p>
<p>Unfortunately, earlier this week a federal district court in California disagreed. Although the court did not rule on whether USA Freedom requires the government to review and disclose significant FISC opinions created before May 2015, it decided that EFF could not rely on USA Freedom’s transparency provisions while seeking FISC opinions as part of a Freedom of Information (FOIA) <a href="https://www.eff.org/cases/significant-fisc-opinions">lawsuit</a>. The ruling also upheld the government’s decision to completely withhold six significant FISC opinions based on the government’s claims that disclosing even a single word would jeopardize national security.</p>
<p>Unsurprisingly, we disagree with the court’s decision. One of the frustrating aspects of the ruling is that it allows the government to continue to ignore Congress’ clear command in USA Freedom to review <em>all</em> significant decisions by the FISC and release them to the public. This is important because we know that the FISC has authorized government surveillance that other federal courts found to be <a href="https://www.aclu.org/sites/default/files/field_document/clapper-ca2-opinion.pdf">illegal</a>, such as the <a href="https://www.eff.org/deeplinks/2015/11/bulk-call-details-records-collection-ends-what-means">mass collection</a> of American’s telephone records, and deeply troubling, such as <a href="https://www.eff.org/deeplinks/2016/10/usa-freedom-act-requires-government-declassify-any-order-yahoo">reportedly ordering</a> Yahoo to secretly scan all of its users’ email messages.</p>
<p>The government has argued that USA Freedom’s transparency provisions only apply to decisions issued after the law passed in May 2015 and that Congress did not intend for the government to go back and declassify older FISC decisions.</p>
<p>Again, we disagree. The government’s argument contradicts the clear direction Congress gave in USA Freedom to review all significant FISC decisions. It also ignores the intent of Congress, as members who drafted and sponsored USA Freedom repeatedly <a href="https://www.govinfo.gov/content/pkg/CREC-2015-05-13/html/CREC-2015-05-13-pt1-PgH2901-2.htm">stated</a> that the transparency provisions were designed <a href="https://www.eff.org/document/eff-cross-motion-partial-summary-judgment-and-opposition">to end secret law</a> created <a href="https://www.c-span.org/video/?c4623993/conyers-usa-freedom-transparency">by the FISC</a>. Even after USA Freedom passed in 2015, members of Congress <a href="https://www.wyden.senate.gov/news/press-releases/wyden-the-executive-branch-must-always-declassify-new-interpretations-of-federal-surveillance-law">called on the government</a> to declassify and release significant opinions.</p>
<p>We think it’s outrageous that the Executive Branch has ignored Congress’ command. And we hope that as Congress <a href="https://www.eff.org/deeplinks/2019/03/congress-has-chance-finally-end-nsas-mass-telephone-records-program">considers ending</a> the NSA’s mass telephone records program, it can be even more explicit in requiring the government to declassify <em>all</em> significant FISC opinions, perhaps clarifying that the word “each” means “every” and “all,” which is what the word actually means.</p>
<p>Although the court’s decision this week is a setback to ending secret law created by the FISC, the lawsuit successfully pried more than 70 previously classified FISC decisions from the government that the court issued after 2001. These decisions showed a number of troubling actions by the government and the FISC, including the fact that the court <a href="https://www.eff.org/deeplinks/2017/06/provider-fought-secret-surveillance-order-court-denied-it-access-relevant-law">is so secretive</a> that a service provider challenging a FISC order couldn’t even access the law the government was citing in legal papers as it sought to force the provider to comply.</p>
<p>Opinions disclosed as a result of EFF’s lawsuit show how the FISC itself <a href="https://www.eff.org/deeplinks/2018/09/new-surveillance-court-orders-show-even-judges-have-difficulty-understanding-and">struggles to get direct, honest answers</a> from the government about misuse or abuse of surveillance the court had previously authorized. Other orders showed that even with direct authorization from FISC judges, the <a href="https://www.eff.org/deeplinks/2018/02/newly-released-surveillance-orders-show-even-individualized-court-oversight-spying">government abuses the powers</a> it is granted to conduct surveillance, a troubling fact given that much of the NSA’s mass surveillance does not require individualized authorization by FISC judges. The opinions are publicly available <a href="https://www.documentcloud.org/search/Project:%20%22FISC%20Opinions%20on%20Sec.%20702%20-%20Released%2006-14-2017%22">here</a>, <a href="https://www.documentcloud.org/search/Project:%20%22FISC%20702%20opinions%22">here</a>, <a href="https://www.documentcloud.org/search/Project:%20%22FISC%20Opinions%20on%20Sec.%20702%20-%20Released%2006-14-2017%22">here</a>, and <a href="https://www.documentcloud.org/search/Project:%20%22FISC%20Opinions%20on%20classic%20FISA%20-%20Released%2001-31-2018%22">here</a>.</p>
<p>Finally, although we are still deciding what comes next with this case, rest assured that EFF will continue to push for greater transparency from the FISC, including getting all significant decisions it has issued since the 1970s, and for an end to secret law.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/significant-fisc-opinions">Significant FISC Opinions</a></div></div></div>
[EFF] Hearing Friday in Jewel NSA Spying Lawsuit: EFF Asks Court to Let Case Proceed to Determine Constitutionality of Mass Surveillance
2019-03-27T21:59:08Z
Karen Gullo
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">DOJ’s Attempt to Drag Out State Secret Defense Again Should Be Rejected</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Oakland, California—On Friday, March 29, at 9:00 am, the Electronic Frontier Foundation (EFF) will tell a federal court that its clients should be allowed to proceed with their case challenging the constitutionality of NSA spying. The government’s latest attempts to prevent the court from evaluating the legality of surveilling millions of innocent Americans should be rejected, EFF will argue.<br /><br />Friday’s hearing is an important milestone in EFF’s long-running <a href="https://www.eff.org/files/filenode/jewel/jewel.complaint.pdf">lawsuit</a> alleging that the government’s mass interception and collection of people’s communications violates the U.S. Constitution. After years of government efforts to <a href="https://www.eff.org/deeplinks/2018/07/eight-att-buildings-and-ten-years-litigation-shining-light-nsa-surveillance">delay</a> and block our ability to bring the NSA to account for spying on Americans emails, phone call information, and other communications, the government is asking the court to grant judgment in its favor because, it contends, the plaintiffs cannot prove that they were spied on. The court cannot rule on the issue one way or the other without disclosing state secrets, the government argues. EFF is asking the court to allow the plaintiffs to move forward to the merits of the case—whether the spying was illegal—using the special procedure Congress created for resolving cases which might involve national security information.<br /><br />EFF presented <a href="https://www.eff.org/deeplinks/2018/10/new-witness-and-new-experts-bolster-our-jewel-case-we-fight-governments-latest-0">declarations</a> from <a href="https://www.eff.org/deeplinks/2018/11/snowden-files-declaration-nsa-spying-case-confirming-authenticity-draft-inspector">new</a> <a href="https://www.eff.org/deeplinks/2018/10/new-witness-and-new-experts-bolster-our-jewel-case-we-fight-governments-latest-0">experts</a> and a new whistleblower that make clear that it’s more likely than not—the legal standard required to proceed with the case—that a communication of at least one of our plaintiffs was vacuumed up by NSA spying programs. At the hearing, EFF Special Counsel Richard Wiebe will show that the government’s own <a href="https://www.eff.org/node/72021">admissions</a> about the scope and workings of its bulk surveillance schemes and the testimony of new experts and the whistleblower more than debunk the government’s claims—already <a href="https://www.eff.org/press/releases/federal-judge-allows-effs-nsa-mass-spying-case-proceed">rejected</a> once before—that the case can’t proceed because it would expose “<a href="https://www.eff.org/nsa-spying/state-secrets-privilege">state secrets</a>.”<br /><br />What:<br />Hearing in <em>Jewel v. NSA<br /></em><br />When:<br />Friday, March 29, at 9:00 am <br /><br />Where:<br />U.S. District Court, Northern District of California<br />Courtroom 5, 2<sup>nd</sup> Floor<br />Ronald V. Dellums Federal Building & U.S. Courthouse<br />130 Clay St.<br />Oakland, CA 94612<br /><br />For EFF's motion to proceed on merits:<br /><span><a href="https://www.eff.org/document/plaintiffs-opposition-governments-summary-judgment-motion-and-plaintiffs-motion-proceed">https://www.eff.org/document/plaintiffs-opposition-governments-summary-judgment-motion-and-plaintiffs-motion-proceed:<br /><br /></a></span>For more on this case:<br /><span><a href="https://www.eff.org/cases/jewel">https://www.eff.org/cases/jewel<br /><br /></a></span>For more on NSA spying:<br /><span><a href="https://www.eff.org/nsa-spying/faq#38">https://www.eff.org/nsa-spying/faq#38</a></span></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact: </div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">David</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Greene</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Civil Liberties Director</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:davidg@eff.org">davidg@eff.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile node--promoted view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Corynne</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">McSherry</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Legal Director</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:corynne@eff.org">corynne@eff.org</a></div></div></div> </div>
</div>
</div></div></div>
[EFF] Texas: Don’t Let the Legislature Gut Your State’s Free Speech Laws
2019-03-27T19:54:54Z
Joe Mullin
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>A bill is moving forward in the Texas Legislature that would make it easier to bring baseless lawsuits against Internet users in the state who review businesses, speak anonymously, or otherwise exercise their First Amendment rights. If you’re a Texan, we need you to contact your lawmakers and speak up for free speech.</p>
<p>The bill, <a href="https://capitol.texas.gov/tlodocs/86R/billtext/html/HB02730I.htm">HB 2730</a>, would gut key protections of the Texas Citizens Participation Act, or TCPA. The TCPA was passed in 2011 to help fight back against lawsuits meant to silence free speech, which are sometimes called SLAPPs—which stands for Strategic Lawsuit Against Public Participation. The Texas anti-SLAPP law’s robust speech protections have made it a national model. </p>
<p>Properly crafted anti-SLAPP laws provide critical protections for speech. While the state laws are different, they generally allow individuals targeted by the suits to get them thrown out early and allow targets of the lawsuits to recoup their costs and attorneys’ fees from the party that sued them.</p>
<p>The TCPA contains these provisions and others that make it a powerful tool for everyday Texans who get dragged into court for exercising their First Amendment rights. Even meritless lawsuits targeting speech fully protected by the Constitution are expensive, time consuming, and intimidating to defend against. The biggest motivator for litigants bringing a SLAPP suit is often to inflict financial and other damage on their targets rather than vindicate legitimate legal claims, making it a battle that many people simply can’t afford.</p>
<p>Since the TCPA passed in 2011, it has worked <a href="https://protectfreespeechcoalition.com/TCPA-helps/">incredibly well</a> to protect Texans targeted for exercising their free speech rights. But the TCPA will be seriously damaged if HB 2730 passes in its current form.</p>
<p>The bill includes specific provisions that would harm speakers who rely on the Internet for free speech. First, the bill will help individuals who want to intimidate, harass, or silence anonymous speakers. They’ll be able to take advantage of a feature of Texas law that allows them to find out speakers’ identities, without having to file a lawsuit. Anonymous speakers are already targets of <a href="https://www.eff.org/deeplinks/2018/10/lawsuit-seeking-unmask-contributors-shitty-media-men-list-would-violate-anonymous">vexatious lawsuits</a>. HB 2730 is particularly concerning because it would explicitly prevent anonymous speakers targeted by Texas’ pre-litigation discovery process from being able to use the TCPA to defend themselves. The bill gives the <a href="https://www.eff.org/deeplinks/2019/02/texas-supreme-court-subtly-provides-stronger-protections-anonymous-speakers">green light</a> to companies that want to wipe away online criticism, including true statements or opinions protected by the First Amendment. </p>
<p>Second, the bill greatly narrows the type of First Amendment activity that would be protected by the TCPA. It specifically exempts speech related to “selling or leasing goods or services,” among other things. Online reviewers could be threatened with lawsuits just for giving their honest views of a product, and wouldn’t be able to defend themselves with the TCPA. </p>
<p>Finally, it punches huge a loophole in the TCPA by exempting legal actions to enforce non-disparagement agreements. These types of clauses can be buried deep inside contracts, and consumers sometimes don’t even know they have signed away their right to criticize a business or online service. The bill would exacerbate the power imbalance between online services and their users—companies and others could sue users won’t get any protections under the TCPA.</p>
<p>With the bill expected to receive a hearing next week in the Judiciary and Civil Jurisprudence committee in the Texas House of Representatives, it’s critical that the nine committee members hear from Texans this week. Send an email now.</p>
<p class="take-action"><a href="https://act.eff.org/action/texas-tell-your-state-representatives-to-protect-free-speech">TAKE ACTION</a></p>
<p class="take-explainer"></p>
<p class="take-action"></p>
<p class="take-explainer">TELL TEXAS LAWMAKERS NOT TO THROW OUT FREE SPEECH PROTECTIONS</p>
</div></div></div>
[EFF] EFF Backs Redditor in Fight to Stay Anonymous
2019-03-26T23:35:03Z
Rebecca Jeschke
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Religious Group Uses Abusive Copyright Claim to Unmask Online Speaker</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco—The Electronic Frontier Foundation (EFF) is representing an anonymous Reddit commenter who is facing an abusive copyright claim from the Watchtower Bible and Tract Society, a group that publishes doctrines for Jehovah’s Witnesses. Today, EFF filed a <a href="https://www.eff.org/document/motion-quash-1">motion to quash</a> the attempt by Watchtower to unmask the online commenter.</p>
<p>The commenter referred to as “John Doe” in the filing is a lifelong member of the Jehovah’s Witness community. Using the handle “darkspilver,” Doe has chosen to share comments and concerns via one of Reddit’s online discussion groups. Darkspilver’s posts included a copy of an advertisement asking for donations that appeared on the back of a Watchtower magazine, as well as a chart Doe edited and reformatted to show the kinds of data that the Jehovah’s Witness organization collects and processes. Earlier this year, Watchtower subpoenaed Reddit for information on “darkspilver” as part of a potential copyright lawsuit.</p>
<p>“Much of the material shared by our client is barely copyrightable,” said EFF Staff Attorney Alex Moss. “That aside, the posts are lawful fair uses—legal ways to use copyrighted material without permission—and Watchtower should know it.”</p>
<p>EFF’s client picked Reddit to share thoughts precisely because Reddit allows users to speak anonymously. Darkspilver has seen Jehovah’s Witness community members who raise questions be excommunicated or “disfellowshipped,” where family and friends remaining in the community cut off normal social interactions.</p>
<p>“Courts routinely quash subpoenas like this one if they don’t pass constitutional scrutiny, and they should do so here,” said EFF Legal Director Corynne McSherry. “Darkspilver has a right to share their thoughts and feelings online without worrying that a baseless copyright claim could change their relationships to their closest friends and family.”</p>
<p>For the full motion to quash:<br /><a href="https://www.eff.org/document/motion-quash-1">https://www.eff.org/document/motion-quash-1</a></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact: </div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile node--promoted view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Corynne</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">McSherry</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Legal Director</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:corynne@eff.org">corynne@eff.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Alex</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Moss</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:alex@eff.org">alex@eff.org</a></div></div></div> </div>
</div>
</div></div></div>
[EFF] Real Net Neutrality Protections Passed Their First Vote
2019-03-26T17:59:39Z
Katharine Trendacosta
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The Save the Internet Act <a href="https://www.congress.gov/bill/116th-congress/house-bill/1644/">(H.R. 1644</a>) has survived its first vote, 18-11. This is a victory for everyone who wants strong, real net neutrality protections. It is, as is so often the case in the net neutrality battle, a win for the majority of Americans who support these protections against the narrow interests of a few giant Internet service providers (ISPs).</p>
<p>Millions of American across the country denounced the FCC’s decision to repeal the 2015 Open Internet Order and abandon oversight over the broadband industry. Americans overwhelmingly support net neutrality and the privacy and competition protections that accompany it. The FCC nonetheless tried to ignore common sense, market realities, and the public interest. This bill sets things right, following a clear mandate from the American people. We applaud the House <span>Subcommittee on Communications and Technology for listenting to the thousands of you who have spoken up for net neutrality. <br /></span></p>
<p>The Save the Internet Act would make permanent the 2015 Open Internet Order, restoring its hard-won net neutrality protections. There have been arguments against this bill, many restated during the hearing today. Rep. Greg Walden described the bill as having unnecessary protections, suggesting that all we need are bright line rules against blocking, throttling, and paid prioritization. Walden also listed problems of privacy and speech faced by edge providers like Facebook, Google, and Twitter, asking “What if anything does this bill do to protect users from those potential abuses?” Those are real concerns and <a href="https://www.eff.org/document/life-cycle-competition">EFF has suggested that Congress look at a lot of ways to improve competition on the Internet</a>, but they are different from net neutrality, which requires ISPs to treat data in a non-discriminatory manner. Tackling one set of problems should not mean we abandon the work being done on another. Rep. Debbie Dingell had it correct when she said, “I just want to comment about what we’re really here to do. We’re asking a lot of questions and making it really complicated, and it’s really simple. Today we’re addressing a wrong that was created by Chairman Pai when he abolished net neutrality. And he hurt millions of Americans across this country.”</p>
<p>Rep. Yvette D. Clarke said today, “When ISPs pick winners and losers, it doesn’t just hurt consumers, it also chills competition and innovation.” We agree, and that’s why EFF supports this bill and real net neutrality protections.</p>
<p>The Save the Internet Act is headed for a vote in the House Committee on Energy and Commerce, so keep telling your representatives to support it by co-sponsoring the bill.</p>
<p class="take-action"><a href="https://act.eff.org/action/tell-congress-to-restore-full-net-neutrality-protections">Take Action</a></p>
<p class="take-explainer"><a href="https://act.eff.org/action/tell-congress-to-restore-full-net-neutrality-protections">Protect Net Neutrality</a></p>
</div></div></div>
[EFF] EU’s Parliament Signs Off on Disastrous Internet Law: What Happens Next?
2019-03-26T12:38:18Z
Danny O'Brien
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In a stunning rejection of the will of <u><a href="https://www.change.org/p/european-parliament-stop-the-censorship-machinery-save-the-internet">five million online petitioners</a></u>, and over <u><a href="https://netzpolitik.org/2019/weit-mehr-als-100-000-menschen-demonstrieren-in-vielen-deutschen-staedten-fuer-ein-offenes-netz/">100,000 protestors</a></u> this weekend, the European Parliament has abandoned common-sense and the advice of academics, technologists, and UN human rights experts, and approved the Copyright in the Digital Single Market Directive in its entirety.</p>
<p>There’s now little that can stop these provisions from becoming the law of the land across Europe. It’s theoretically possible that the final text will fail to gain a majority of member states’ approval when the European Council meets later this month, but this would require at least one key country to change its mind. Toward that end, German and Polish activists are already re-doubling their efforts to shift their government’s key votes.</p>
<p>If that attempt fails, the results will be drawn-out, and chaotic. Unlike EU Regulations like the GDPR, which become law on passage by the central EU institutions, EU Directives have to be transposed: written into each member country’s national law. Countries have until 2021 to transpose the Copyright Directive, but EU rarely keeps its members to that deadline, so it could take even longer.</p>
<p>Unfortunately, it is likely that the first implementation of the Directive will come from the countries who have most enthusiastically supported its passage. France’s current batch of national politicians have consistently advocated for the worst parts of the Directive, and the Macron administration may seek to grab an early win for the country’s media establishment.</p>
<p>Countries whose polity were more divided will no doubt take longer. In Poland, politicians were besieged by angry voters wanting them to vote down the Directive, while simultaneously facing brazen denunciations from national and local newspaper owners warning that they would “not forget” any politician who voted against Article 11. The passing of the Directive will still leave that division between the Polish people and the media establishment, with politicians struggling to find a domestic solution that won’t damage their prospects with either group.</p>
<p>The rhetoric in Germany in the last few days was not much better. German politicians claimed with straight faces that the tech companies had paid this weekend’s protestors to march on the streets. Meanwhile, the Christian Democratic Union, Angela Merkel’s party, whose own Axel Voss as the ringleader for the Directive, put out a policy proposal that suggested it could implement Article 13 not with filters, but with a blanket licensing regime. Legal experts have already said that these licenses won’t comply with Article 13’s stringent requirements – but it’s going to be hard for the CDU to walk back from that commitment now.</p>
<p>Which brings us to the future prospect of legal challenges in Europe’s courts. Again, unlike the GDPR, which gave existing regulatory bodies the clear power to adjudicate and enforce that law and its ambiguities, it’s unclear who is supposed to impose consistency in the EU between, say, a harsh French regime and a potentially softer German solution, or interpret the Directive’s notoriously <u><a href="https://twitter.com/why0hy/status/1109849333900500993">incoherent text</a></u>.</p>
<p>That means it will fall by default to Europe’s judicial system, and the long, slow road to a final decision by the EU’s superior court, the European Court of Justice (ECJ).</p>
<p>We can expect media and rightsholders to lobby for the most draconian possible national laws, then promptly march to the courts to extract fines whenever anyone online wanders over its fuzzy lines. The Directive is written so that any owner of copyrighted material can demand satisfaction from an Internet service, and we’ve already seen that the rightsholders are by no means united on what Big Tech should be doing. Whatever Internet companies and organizations do to comply with twenty-seven or more national laws – from dropping links to European news sites entirely, to upping their already over-sensitive filtering systems, or seeking to strike deals with key media conglomerates – will be challenged by one rightsholder faction or another.</p>
<p>But there’s also opportunities for the courts to rein in the Directive – or even throw out its worst articles entirely. One key paradox at the heart of the Directive will have to be resolved very soon. Article 13 is meant to be compatible with the older E-Commerce Directive, which explicitly forbids any requirement to proactively monitor for IP enforcement (a provision that was <u><a href="https://www.eulawblog.eu/?p=1153">upheld and strengthened by the ECJ</a></u> in 2011). Any law mandating filters could be challenged to settle this inconsistency.</p>
<p>But who will represent Internet users in court? Big Tech has some of the motive and the millions to do it, but after this heavy defeat, those increasingly defensive giants may well decide that it will be better to settle out of court, and strike a deal that pays a danegeld to the established media in Europe – at a price that will conveniently lock out any potential tech upstarts to their market dominance in that market.</p>
<p>That means Europe’s Internet users can’t depend on the tech companies to fight this. The battle will have to continue, as it has done in these last few weeks, with millions of everyday users uniting online and on the streets to demand their right to be free of censorship, and free to communicate without algorithmic censors or arbitrary licensing requirements.</p>
<p>EU netizens will need to organize and support independent <u><a href="http://www.edri.org/">European digital rights groups</a></u> willing to challenge the Directive in court.</p>
<p>And outside Europe, friends of the Internet will have to brace themselves to push back against copyright maximalists attempting to export this terrible Directive to the rest of the world. We must, and we will, regroup and stand together to stop this Directive in Europe, and prevent it spreading further.</p>
</div></div></div>
[EFF] EFF, Coalition Urge Supreme Court to Maintain Public Access to Government’s Use of Privately Developed Technology
2019-03-26T00:37:21Z
Aaron Mackey
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Some of the most controversial technologies government agencies use to surveil the public or automate decisions about them are developed or overseen by private parties.</p>
<p>Whether it’s automated license plate readers (ALPRs), cell-site simulators, or algorithmic tools used by federal courts and other agencies to make decisions about people’s life and liberty, the federal government increasingly purchases the technology from private contractors.</p>
<p>But a Freedom of Information Act (FOIA) case before the U.S. Supreme Court threatens to further restrict the public’s ability to learn about when government uses technology. That’s why EFF, along with a coalition of other organizations, filed a friend-of-the-court <a href="https://www.eff.org/document/eff-coalition-amicus-brief-food-marketing-institute-v-argus-leader">brief</a> on Monday asking the court to decline an effort to expand a FOIA exemption that prohibits the disclosure of private parties’ trade secrets and confidential business information.</p>
<p>FOIA must permit the public to access to this information, the brief argues, because “private-sector technologies increasingly define how government programs operate, how they affect individuals, and whether they may infringe on constitutional rights and liberties.”</p>
<p>The underlying case, <a href="https://www.scotusblog.com/case-files/cases/food-marketing-institute-v-argus-leader-media/"><em>Food Marketing Institute v. Argus Leader Media</em></a>, concerns a FOIA request by a newspaper that sought records on government funds paid to grocery stores and other retailers as part of the Supplemental Nutrition Assistance Program (SNAP), or what was formerly called the food-stamp program. The reporter was interested in seeing records about potential retailers defrauding the program.</p>
<p>The U.S. Department of Agriculture refused to release the information, claiming it was exempt under FOIA’s Exemption 4, which allows an agency to withhold information that contains trade secrets or confidential business information obtained from third parties, such as companies. A federal court found that the information requested did not qualify as confidential business information and ordered the agency to disclose it. The Food Marketing Institute, a trade group for grocery stores, intervened in the case and ultimately petitioned the Supreme Court to review that ruling.</p>
<p>Although the case is ostensibly about access to SNAP records, EFF and others are worried about the consequences should the Supreme Court adopt a broad reading of what qualifies as confidential business information under FOIA Exemption Four. As the brief argues:</p>
<blockquote><p><strong></strong>An expansion of Exemption 4 would be particularly devastating for the public’s ability to understand government programs that increasingly depend on emerging and complex technology developed by private companies. The government relies extensively on the private sector to provide technology that is central to all manner of government activities—from “big data” algorithmic decisionmaking systems, to powerful surveillance technology, to the government’s core information infrastructures—and this reliance is sure to increase going forward. It is critical to cabin Exemption 4’s reach so that the public is not left without the ability to understand core governmental activities by accessing records about the private sector technologies on which those activities depend.</p>
</blockquote>
<p>The brief highlights how public access to information about controversial government programs, including <a href="https://www.eff.org/pages/face-recognition">facial recognition</a>, <a href="https://www.eff.org/pages/tattoo-recognition">automated tattoo recognition</a>, and <a href="https://www.eff.org/cases/automated-license-plate-readers">ALPRs</a> could be limited if private companies are allowed to claim that the technology is protected by an expanded Exemption 4.</p>
<p>“The public has a strong interest in accessing information related to which types of facial recognition software the government is using, in what ways it is being used, and the level of accuracy achieved,” the brief argues. “Expanding Exemption 4 could frustrate these goals by allowing companies to self-designate records as ‘confidential.’”</p>
<p>The brief also demonstrates how it is essential that FOIA permit access to information about how the government makes important decisions about benefits it provides to the public or other uses of automated decision-making skills, as those decisions increasingly rely on private technology, including algorithms.</p>
<p>“These algorithms purport to make the state’s allocation of scarce resources more efficient, but they are easily infected with grave defects,” the brief states. “In one case, a court found that the state’s automated Medicaid budgeting system was so unreliable that it ‘arbitrarily deprive[d] participants of their property rights and hence violate[d] due process.’”</p>
<p>Joining EFF on the brief were New York University’s <a href="https://ainowinstitute.org/">AI Now Institute</a>, the <a href="https://www.aclu.org/">American Civil Liberties Union</a>, the <a href="https://www.law.nyu.edu/centers/race-inequality-law">Center for Race, Inequality, and the Law</a> at New York University School of Law, and the <a href="https://knightcolumbia.org/">Knight First Amendment</a> Institute at Columbia University.</p>
<p>EFF would like to thank the University of Buffalo School of Law’s <a href="http://www.law.buffalo.edu/beyond/clinics/civil-liberties.html">Civil Liberty and Transparency Clinic</a> for <a href="https://www.law.buffalo.edu/links/2019-March/clinics-brief-heads-to-supreme-court.html">writing and filing the brief</a>. We owe a particular debt of gratitude to student attorneys Suzanne Starr, John Zakour, and John Kueble, as well as Assistant Clinical Professor Jonathan Manes, who supervised their work.<span></span></p>
</div></div></div>
[EFF] Why Are Creators Paying for TikTok’s Mistake?
2019-03-25T19:25:41Z
Katharine Trendacosta
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>TikTok is an app that makes it easy for people to make short lip-synching videos, which unsurprisingly makes it a goldmine of creativity and memes. TikTok recently got in hot water with the Federal Trade Commission because it failed to comply with Children’s Online Privacy Protection Act (COPPA). COPPA requires online services that are either “directed at” children under the age of 13 or have knowledge that they have users who are under 13 to arrange for parental permission before they start collecting personal information about those users.</p>
<p>The FTC fined TikTok $5.7 million and ordered it to delete personal information of young users, with the option to transfer copies of the videos back to them. The FTC required TikTok to “destroy” the “personal information” of any account belonging to someone currently 13 or under, or who was under 13 when they joined. In other words, the account, its videos, the fans, everything that had been built up by the users, would be deleted. However, the FTC also gave TikTok the option to give users copies of their videos.</p>
<p>TikTok’s attempt to comply was riddled with problems. Users logging in for the first time after the order were prompted to give their birthdate, but TikTok’s own interface defaulted to putting in the current date while also not making crystal clear to users <em>why </em>it needed that information and what could result. A number of users had trouble getting the date to change, giving the system the impression that they were zero years old and resulting in the deletion of their accounts and losing their videos. <a href="https://www.buzzfeednews.com/article/laurenstrapagiel/tiktok-account-delete">Other users</a>—including many older than 13—found everything deleted without ever being asked their age at all.</p>
<p>TikTok responded to these errors by <span><a href="https://twitter.com/tiktok_us/status/1100866314204139520">asking users who wished to restore their accounts to submit a government ID</a></span> proving their age. But not everyone has that kind of ID, especially not teenagers.</p>
<p>Even if this had worked exactly as planned, it would be a disaster. TikTok’s been around for years. Imagine if you’d been making videos there the whole time, steadily building fans, and using a platform the way it was intended. And then, because of TikTok’s mistake, all of that vanished.</p>
<p>Unfortunately, TikTok’s muddled response is not unique. When companies get caught breaking privacy rules, users can suffer twice–first by having their information collected improperly <a href="https://www.engadget.com/2019/02/22/facebook-shuts-down-onavo-android/">and then by</a> <a href="https://nj.gov/oag/newsreleases18/pr20180803a.html">losing access</a> t<a href="https://www.npr.org/2018/10/09/655793156/google-shuts-down-google-for-consumers-after-revealing-data-vulnerability">o the service</a>.</p>
<p>We hope online service providers of all stripes learn from TikTok’s mistakes.</p>
</div></div></div>
[EFF] To Search Through Millions of License Plates, Police Should Get a Warrant
2019-03-22T19:26:12Z
Andrew Crocker
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Earlier this week, EFF filed a brief in one of the first cases to consider whether the use of <a href="https://www.eff.org/pages/automated-license-plate-readers-alpr">automated license plate reader</a> (ALPR) technology implicates the Fourth Amendment. Our <a href="https://www.eff.org/document/united-states-v-yang-eff-aclu-amicus-brief">amicus brief</a>, filed in the Ninth Circuit Court of Appeals in <em>United States v. Yang</em>, argues that when a U.S. Postal Service inspector used a commercial ALPR database to locate a suspected mail thief, it was a Fourth Amendment search that required a warrant.</p>
<p>ALPRs are <a href="https://www.eff.org/pages/automated-license-plate-readers-alpr">high-speed, computer-controlled camera systems</a>. Some models can photograph up to 1,800 license plates every minute, and every week, law enforcement agencies across the country use these cameras to collect data on millions of license plates. The plate numbers, together with location, date, and time information, are uploaded to a central server, and made instantly available to other agencies. The data include photographs of the vehicle, and sometimes of its drivers and passengers. ALPRs are typically attached to vehicles, such as police cars, or can be mounted on street poles, highway overpasses, or mobile trailers.</p>
<p>One leading commercial database operated by DRN <a href="https://drndata.com/">advertises that it contains 6.5 billion plates</a>. DRN is owned by the same company as Vigilant Solutions, and according to testimony from a Vigilant executive in the <em>Yang </em>case, the Vigilant LEARN database used by the Postal Service to locate the defendant includes all of DRN’s records as well as a wealth of data available only to law enforcement agencies.</p>
<p>If police want to search through ALPR data, we believe they should get a warrant.</p>
<p>In recent years, EFF, the ACLU, and others have called attention to ALPR’s <a href="https://www.eff.org/files/2017/02/22/neal_v._fairfax_pd_-_eff_amicus_brief_file_endorsed.pdf">invasive tracking capabilities</a> and its <a href="https://www.eff.org/deeplinks/2019/03/heres-why-you-cant-trust-what-cops-and-companies-claim-about-automated-license">proliferation across the country</a><span>. We won </span><a href="https://www.eff.org/press/releases/electronic-frontier-foundation-aclu-win-court-ruling-police-cant-keep-license-plate">a major victory</a> when the California Supreme Court agreed with us that the public has a right to know how police use this technology. Starting with <em>Yang</em>, we will be arguing that government use of ALPRs is a search that implicates the Fourth Amendment, and it should require a warrant in routine investigations.</p>
<p>ALPRs scan every car, regardless of whether the individual driver is suspected of criminal activity. Similar to <a href="https://www.eff.org/pages/cell-site-simulatorsimsi-catchers">cell site location information</a> (CSLI) or GPS tracking, ALPR records can paint a picture of where a vehicle and its occupants have traveled—including sensitive and private places like our homes, doctors’ offices, and places of worship. Commercial vendors operate vast databases of ALPR records, and sell database access to not just law enforcement agencies, but private businesses like repo services and insurance companies. Government employees are frequently able to access records generated by cameras mounted on both private and law enforcement vehicles, giving them access to a vast array of location data. That’s why government use of ALPR could lead to invasive tracking, and necessitates safeguards, such as a warrant requirement.</p>
<p>The legal arguments against warrantless ALPR searches are even stronger after a <a href="https://www.eff.org/deeplinks/2018/06/victory-supreme-court-says-fourth-amendment-applies-cell-phone-tracking">landmark ruling</a> from the Supreme Court last June. The Court’s ruling in <em>United States v. Carpenter</em> involved police tracking a suspect using location data obtained from his cellular provider, but much of its reasoning applies to ALPRs as well. For example, Chief Justice Roberts wrote that because nearly everyone uses a cell phone, the government’s tracking ability “runs against everyone,” and “[o]nly the few without cell phones could escape this tireless and absolute surveillance.” ALPR data collection is similarly indiscriminate; anyone who drives on public streets is likely to be tracked and logged in a database available to police.</p>
<p>Roberts also pointed to law enforcement’s ability to retrieve CSLI from years in the past, creating a virtual surveillance time machine which “gives police access to a category of information otherwise unknowable.” ALPR databases, too, facilitate retrospective searches of cars whose drivers were not under suspicion at the time they were photographed by an ALPR camera. As we wrote in our amicus brief in <em>Yang</em>, “The confluence of these factors—detailed location data collection about a vast swath of the American population allowing retrospective searches—is why technologies like ALPRs violate expectations of privacy under the Fourth Amendment.”</p>
<p>We’ll watch to see what the Ninth Circuit does in <em>Yang,</em> and we’ll be making similar arguments in other ALPR cases soon.</p>
</div></div></div>
[EFF] The U.S. Desperately Needs a “Fiber for All” Plan
2019-03-22T17:57:31Z
Ernesto Falcon
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>We have a real, coming broadband access crisis in the United States. <a href="https://www.eff.org/deeplinks/2018/12/new-fcc-data-indicates-future-broadband-access-most-americans-will-be-monopoly">Data from the government</a> and <a href="https://www2.deloitte.com/us/en/pages/consulting/articles/communications-infrastructure-upgrade-deep-fiber-imperative.html">independent analysis show that we are falling behind</a> the world. This crisis comes from the fact that fiber-to-the-home deployment, the alternative to your gigabit cable monopoly (if you even have that choice), is languishing and slowing down across the board.</p>
<p><span>In contrast to the United States, countries around the world are aggressively modernizing their telecommunications infrastructure. They are actively pushing fiber across the board, with advanced Asian markets like South Korea and Japan already finished, and c<a href="https://ec.europa.eu/digital-single-market/en/policies/improving-connectivity-and-access">ountries in the EU heading towards universal access</a> (including their rural markets). <a href="https://rethinkresearch.biz/wp-content/uploads/2018/11/Executive-Summary-Gigabit-Broadband-%E2%80%93-Forecast-and-Report-to-2023.pdf">China is predicted to have more than five times (around 80 percent of households totaling at 193.5 million homes) the U.S. number of fiber gigabit connections by 2023</a>.</span></p>
<p><span>The big difference between the United States and the rest of the advanced economies around the world is that the U.S. is the only country that believes having no plan will solve this issue. We are the only country to completely abandon federal oversight of an uncompetitive, highly concentrated market that sells critical services to all people, yet we expect widely available, affordable, ultra-fast services. But if you live in a low-income neighborhood or in a rural market today, you know very well this is not working and the status quo is going to cement in your local broadband options to either one choice or no choice.</span></p>
<h3><strong><span>This Means 5G Wireless Is Not Going to Reach Most People</span></strong></h3>
<p><span>Congress and the FCC have been obsessing about <a href="https://www.eff.org/deeplinks/2019/02/enough-5g-hype">5G hype</a>, but early estimates are that only about <u>three </u>to <a href="https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white-paper-c11-738429.html#_Toc953330">nine percent</a> of the market will have 5G access by 2022. It’s important to remember that, no matter what ISPs try to say about 5G, there is <a href="https://ecfsapi.fcc.gov/file/101269873074/EFF-%20Wireline%20vs%20Wireless.pdf">no real equivalency between fiber to the home and wireless 5G broadband</a>. The two are not direct competitors given the superiority of fiber as a transmission medium.</span></p>
<p><span>The less-spoken truth about 5G networks is that they need dense fiber networks to make them work. One estimate on the amount of fiber investment that needs to occur is as much as <a href="https://www2.deloitte.com/us/en/pages/consulting/articles/communications-infrastructure-upgrade-deep-fiber-imperative.html">$150 billion</a>—including fiber to the home deployments—in the near future, and we are far below that level of commitment to fiber. In other words, resolving the future of high-speed broadband competition with fiber to all Americans (which would help at least <a href="https://www.eff.org/deeplinks/2018/10/heavy-focus-5g-wireless-means-we-are-ignoring-68-million-americans-facing-high">68 million households</a> stuck in monopoly cable markers) also carries the benefit of ensuring that 5G networks can reach all corners of the country as well. </span></p>
<h3><strong><span>Where Things Stand Now Without A Fiber Plan</span></strong><span> </span></h3>
<p><span> <a href="http://www.ppc-online.com/blog/a-mid-year-roundup-of-the-2017-global-ftth-broadband-market">Very small ISPs and local governments</a> with limited budgets are at the frontline of deploying fiber to the home to fix these problems, but policymakers from the federal, state, and local level need to step up and lead. At least <a href="https://muninetworks.org/communitymap">19 states still have laws that prohibit local governments</a> from deploying community broadband projects. Worst yet, both <a href="https://www.eff.org/deeplinks/2018/08/eff-fcc-dont-let-att-and-verizon-get-chokehold-internet-access-competition">AT&T and Verizon are actively asking the FCC to make it even harder for small private ISPs to deploy fiber</a><u>,</u> so that the big incumbents can raise prices and suppress competition, a proposal <u>EFF has urged the FCC to reject.</u></span></p>
<p><span>This is why we need to push our elected officials and regulators for a fiber-for-all-people plan to ensure everyone can obtain the next generation of broadband access. Otherwise, the next generation of applications and services won’t be usable in most of the United States. They will be built instead for markets with better, faster, cheaper, and more accessible broadband. This dire outcome was the central thesis to a <a href="https://yalebooks.yale.edu/book/9780300228502/fiber">recently published book by Professor Susan Crawford (appropriately named Fiber)</a> and EFF agrees with its findings. If American policymakers do not remedy the failings in the US market and actively pursue ways to drive fiber deployment with the goal of universal coverage, then a staggering number of Americans will miss out on the latest innovations that will occur on the Internet because it will be inaccessible or too expensive.</span></p>
<p><span>As a result, we will see a worsening of the digital divide as advances in virtual reality, cloud computing, gaming, education, and things we have not invented yet are going to carry a monopoly price tag for a majority of us—or just not be accessible here. This does not have to be so, but it requires federal, state, and local governments to get to work on policies that promote fiber infrastructure to all people. </span></p>
</div></div></div>
[EFF] This Could Be It: Key Polish Political Party Comes Out Against Article 13
2019-03-22T17:03:08Z
Cory Doctorow
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>With only days to go before the final EU debate and vote on the new Copyright Directive (we're told the debate will be at <a href="https://www.timeanddate.com/worldclock/fixedtime.html?iso=20190327T0800">0900h CET on Tuesday, 26 March</a>, and the vote will happen at <a href="https://www.timeanddate.com/worldclock/fixedtime.html?iso=20190327T1100">1200h CET</a>), things could not be more urgent and fraught. That's why today's <a href="https://twitter.com/MichalBoni/status/1109057398566764544">announcement</a> by Poland's Platformy <span>Obywatelska</span>—the second-largest party in the European People's Party (EPP) bloc—is so important.</p>
<p><span>Platformy </span><span>Obywatelska </span>has said that it will vote to block the entire Copyright Directive unless Article 13—a <a href="https://www.eff.org/deeplinks/2019/03/best-europes-web-went-dark-today-we-cant-let-be-our-future">ground-breakingly terrible Internet law</a> that will <a href="https://www.eff.org/deeplinks/2019/03/european-copyright-directive-what-it-and-why-has-it-drawn-more-controversy-any">lead to widespread filtering</a> of all Europeans' Internet speech, images, and videos—is stricken from the final draft.</p>
<p>EPP, a coalition of European national political parties, is the key backer of Article 13 and the largest party in the European Parliament. Without its support, Article 13 is very unlikely to make it through the final vote.</p>
<p>The EPP is deeply split on the issue. EPP parties from Luxembourg, Sweden and the Czech Republic all oppose the measure, so Poland is in good company.</p>
<p>The other blocs that strongly back Article 13 are the S&D (socialist) and ALDE (liberal) MEPs.</p>
<p><a href="https://pledge2019.eu/en">126 members of the Parliament</a> have expressly pledged to vote against Article 13, and <a href="https://www.change.org/p/european-parliament-stop-the-censorship-machinery-save-the-internet">more than 5,000,000 Europeans have signed a petition against it</a>. This is the largest petition in European history!</p>
<p>It's vital that <a href="http://saveyourinternet.eu/">Europeans contact their MEPs as soon as possible</a> to urge them to vote against Articles 11 and 13.</p>
<p>On Sunday, <a href="https://www.savetheinternet.info/demos">the streets of Europe will be flooded with demonstrators</a> marching against the Directive.</p>
<p>This could be the final battle over the Directive. If it dies in Tuesday's vote, there will be no chance to bring it back before EU elections in May. This is no time to sit on the sidelines. Step up and be heard. They have the money, but we have the people!</p>
<p class="take-action"><a href="https://saveyourinternet.eu/">Take Action</a></p>
<p class="take-explainer">Stop Article 13</p>
</div></div></div>
[EFF] Congress Has a Chance to Finally End the NSA’s Mass Telephone Records Program
2019-03-21T18:56:14Z
Andrew Crocker
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Earlier this month, the New York Times published a <a href="https://www.nytimes.com/2019/03/04/us/politics/nsa-phone-records-program-shut-down.html">major story</a> reporting that the NSA has stopped using the authority to run its massive, ongoing surveillance of Americans’ telephone records. After years of fighting mass surveillance of telephone records, the story may make our jobs easier: NSA has consistently claimed this surveillance was critical to national security. But now it appears that the agency couldn’t properly use the authority Congress granted it in the 2015 USA Freedom Act, so it has simply given up. </p>
<p>Coincidentally, EFF had organized a briefing of congressional staff the day after the Times report on the controversial surveillance law used to conduct telephone record surveillance: Section 215 of the Patriot Act. As we told Congress, it is long past time to end the telephone records program for good. Now, we’ve signed a <a href="https://www.aclu.org/letter/coalition-letter-reuthorization-patriot-acts-section-215">letter</a> to House Judiciary Committee leadership repeating that demand, along with a list of other important reforms we’d like to see before Section 215 and two other Patriot Act provisions expire in December. </p>
<p>The Times story only added to a feeling of unfinished business from the last time Section 215 was set to sunset, in 2015. When Edward Snowden revealed the NSA’s use of Section 215 to conduct its telephone records program, EFF, the ACLU, and others sued to stop it. The courts, Congress, and public opinion seemed to be on our side: The Second Circuit Court of Appeals <a href="https://www.eff.org/deeplinks/2015/05/eff-case-analysis-appeals-court-rules-nsa-phone-records-dragnet-illegal">ruled</a> that the government’s reliance on the law was “unprecedented and unwarranted,” and shortly afterward, Congress passed the USA Freedom Act, which was intended to stop this mass surveillance.</p>
<p>But USA Freedom was <a href="https://www.eff.org/deeplinks/2015/05/usa-freedom-act-passes-what-we-celebrate-what-we-mourn-and-where-we-go-here">incomplete</a><span>:</span> it still allowed the government to conduct suspicionless, ongoing collection of Americans’ telephone records, although under tighter, more specific controls than the program revealed by Snowden. But as information has emerged about how Section 215 has been used (or not used) since the passage of USA Freedom, we have to question even those modest reforms. First, we learned that a law that was supposed to end mass surveillance still allowed the NSA to collect over 500 million telephone records in 2017 alone—a number that sounds a lot like mass surveillance.</p>
<p>In partial explanation of that statistic, the NSA reported last June that it had discovered “technical irregularities,” resulting in overcollection of telephone records. The agency addressed that discovery by <a href="https://www.nytimes.com/2018/06/29/us/politics/nsa-call-records-purged.html">purging</a> <em>all </em>of the records it had collected since the passage of USA Freedom, and the recent New York Times report suggests that rather than addressing these technical irregularities, the government has simply stopped using Section 215 for this purpose. </p>
<p><span>Given this newest chapter in a long, embarrassing history of post-9/11 surveillance, ending the telephone records program is the obvious step for Congress to take. If the NSA can simply delete every single telephone record it has collected since USA Freedom and not even attempt to fix the technical difficulties it encountered, the law authorizing this program should not remain on the books. </span></p>
<p class="pull-quote">If the NSA can simply delete every single telephone record it has collected since USA Freedom and not even attempt to fix the technical difficulties it encountered, the law authorizing this program should not remain on the books. </p>
<p>That is just the beginning of the reforms Congress should be considering, however. Section 215 has become synonymous with the NSA’s database of billions of telephone records, but the law has an entirely different scope than that. Section 215 allows the government to obtain a secret court order requiring third parties, such as Internet providers and financial institutions, to hand over business records or any other “tangible thing” if the Foreign Intelligence Surveillance Court (FISC) deems them “relevant” to an international terrorism, counterespionage, or foreign intelligence investigation. </p>
<p>The Snowden revelations focused attention on the NSA’s tortured interpretation of “relevance” to collect telephone records which it knew to be mostly <em>irrelevant</em>, but defenders of civil liberties and civil rights have worried about the “tangible things” language <a href="https://www.eff.org/deeplinks/2003/10/eff-analysis-provisions-usa-patriot-act">right from the start.</a> Even if Congress entirely outlaws the most well-known use of Section 215, the government will still have the authority to collect “any tangible thing” based on a very loose relevance standard. We still know very little about these other uses of Section 215, and the government is currently mandated to report only bare minimum of data about them.</p>
<p>Congress should hold public hearings on uses of Section 215 to collect information other than telephone records, and investigate whether there are other still-secret uses of the law that would leave Americans “<a href="https://www.aclu.org/blog/national-security/privacy-and-surveillance/sens-wyden-and-udall-weigh-aclu-patriot-act-foia">stunned and angry</a>,” such as targeting individuals based on religion or other First-Amendment–protected activities. Our joint letter to Chairman Nadler details these questions as well as other important transparency reforms that fell by the wayside in the legislative debate around USA Freedom. </p>
<p>Finally, it’s reasonable to wonder what happens if our legislative and executive branches fail to act before Section 215 sunsets at the end of this year. In that case, the law would revert to a <a href="https://www.govinfo.gov/content/pkg/PLAW-105publ272/html/PLAW-105publ272.htm">pre-Patriot Act provision from 1998</a>, which allowed the government to collect only a narrow range of business records (<em>not</em> communications records) only from a limited set of companies such as transportation common carriers and other lodging, storage and vehical facilities, and only if it could make the specific showing that the records belonged to an “agent of a foreign power.” The government might argue that this would be “<a href="https://www.lawfareblog.com/telephony-metadata-contact-chaining-program-unsalvageable">throwing the baby out with the bathwater</a>.” But any surveillance law needs to be justified on its own terms, and the intelligence community <a href="https://www.eff.org/deeplinks/2015/05/dont-worry-government-still-has-plenty-surveillance-power-if-section-215-sunsets">would still have many other powers at its disposal</a>. In order to fully assess what reforms are needed, Congress and the public must know more about how Section 215 is used. Congress should demand those answers from the government now.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/klayman-v-obama">Klayman v. Obama</a></div><div class="field__item odd"><a href="/cases/first-unitarian-church-los-angeles-v-nsa">First Unitarian Church of Los Angeles v. NSA</a></div><div class="field__item even"><a href="/cases/aclu-v-clapper">ACLU v. Clapper </a></div></div></div>
[EFF] Who Defends Your Data? Report Reveals Peruvian ISPs Progress on User Privacy, Still Room for Improvement
2019-03-21T08:00:01Z
Veridiana Alimonti
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><a href="https://hiperderecho.org/"><span>Hiperderecho,</span></a><span> <span>the leading digital rights organization in Peru, </span>in collaboration with the Electronic Frontier Foundation, <span>today launched </span>its second ¿<a href="https://hiperderecho.org/qdtd2019">Quien Defiende Tus Datos</a>? (</span><i><span>Who Defends Your </span></i><em>Data</em><span>?), <span>an evaluation of the privacy practices of the Internet Service Providers (ISPs) that millions of Peruvians use every day. </span> <span>This year's results are more encouraging than those in 2015's report</span>, with Telefonica's Movistar making significant improvement in its privacy policy, responses to judicial orders, and commitment to privacy. F<span>ive out of the six ISPs now publish specific, detailed policies on how they collect and process personal data. However, the report also revealed that there is plenty of room for improvement, especially when it comes to user notification and Peruvian ISPs' public commitment to privacy. </span> </span><span></span></p>
<p><span>Internet access has grown significantly in Peru in recent years, particularly through mobile networks. Movistar (Telefónica) and Claro (América Móvil) are the main players, making up 70% of the Internet market. For landline connections, these two ISPs connect more than 90% of users in Peru; Movistar alone has 74.4% of them. The report also evaluated four other telecom operators: Bitel, Entel, Olo, and Inkacel. Every day, these users provide these companies with specific information about their movements, routines, and relations - a treasure trove of data for government authorities, who can use unnecessary and disproportionate measures to access it. This constant threat from State authorities demands public awareness and oversight. </span></p>
<p><span>That’s why this new Peru report aims to push companies to counter surv</span><span>eillance measures that are conducted without proper safeguards, and to be transparent about their policies and practices. </span></p>
<p><span>This year’s report, <a href="https://hiperderecho.org/qdtd2019">available in Spanish</a>, evaluated each ISP on five categories:</span></p>
<h4><b>Privacy Policy:</b></h4>
<p><span>To earn a star in this category, a company must have published a privacy policy that is easy to understand. It should inform the reader about what data is collected from them, how long it is stored, and for what purposes. Partial compliance got a partially filled star.<br /></span></p>
<h4><b>Judicial Order:</b><span> </span></h4>
<p><span>Companies earned a star in this category if they require that the government obtain a warrant from a judge before handing over user data (either content or metadata). Compliance with this requirement for the content of communications, but not for metadata, earned a company a half star.</span></p>
<h4><b>User Notification:</b></h4>
<p><span>To earn a star in this category, companies must promise to inform their customers of a government request at the earliest moment permitted by the law.<br /></span></p>
<h4><b>Transparency:</b></h4>
<p><span>This category looked for companies publishing transparency reports about government requests for user data. To earn a full star, the report must provide useful data about how many requests have been received and complied with, and include details about the type of requests, the government agencies that made the requests, the reasons provided by the authority, and describe the guidelines and procedu</span><span>res the company adopts when an authority requests the data. We demanded high standards, but partial compliance gained companies part of a star.<br /></span></p>
<h4><b>Commitment to privacy:</b></h4>
<p><span>This star recognizes companies who have challenged inaccurate or disproportionate access to data requests. It also rewards companies that have publicly taken a position in favor of their users’ privacy before Congress and other regulatory bodies. Partial compliance is rewarded with a half star.</span></p>
<p><span>The chart below ranks the six Peruvian telecommunications companies:</span><br /><br /><img src="/files/styles/large/public/2019/03/19/cuadro_peru_2019.png?itok=I1IjHsnx" alt="" class="image-large" width="480" height="310" /></p>
<p><span>This latest report awards more stars than the </span><a href="https://www.eff.org/deeplinks/2015/11/new-report-shows-which-peruvian-isps-care-about-their-users-privacy"><span>first edition</span></a><span>, which was published in 2015. Now, five out of the six ISPs have published their policies with specific information about the collection and processing of personal data. However, Claro and Entel provide this information using highly technical language, which reduced their score. In order to earn a full star, the information provided must be easily understandable, otherwise it is just a formal measure, with little to no effect in empowering users to fight for their rights. Still, all companies detail how long and for which purposes users’ data is stored. Even Olo, which doesn’t publish a privacy policy, added this information to its regular service provision agreement. </span></p>
<p><span>We also saw progress in the companies’ commitment to demanding a judicial order before handing over data to government authorities. Bitel and Claro were given a half star for explicitly demanding a warrant when the request was for the content of communications. Movistar received a full star for adhering to this commitment for users’ content <em>and</em> metadata. In 2015, only Movistar received any credit in this category, with a half star. </span></p>
<p><span>Movistar also stands out in the transparency category. The company’s annual transparency report outlines how many requests they’ve received and complied with, what types of requests they received, as well as the guidelines and procedures the company follows when an authority requests data. Being transparent about the law enforcement guidelines companies follow is crucial to shedding a light on how companies deal internally with government requests for data. This information allows users to understand how they interpret and apply the legal requirements and whether their procedures follow national and international safeguards. Although Bitel and Claro publish the instances in which they hand user data over to government authorities, they did not go as deeply into detail as Movistar does.</span></p>
<p><span>There is still much work to be done. No company earned a star for a public commitment to speak up for their users’ privacy, either in the courts or in legislative and regulatory bodies. Similarly, none of the six companies commit to notify their customers of a government request at the earliest moment allowed by the law. Peru’s new </span><a href="http://spij.minjus.gob.pe/content/publicaciones_oficiales/img/CODIGOPROCESALPENAL.pdf"><span>Criminal Procedure Code</span></a><span> states that once a judicial measure has been executed and immediate investigations have been carried out, the user affected must be informed of it whenever the investigation object permits the notification, and as long as it does not endanger life or the physical safety of third parties. In turn, no restriction for notice is provided by the controversial </span><a href="https://busquedas.elperuano.pe/normaslegales/decreto-legislativo-que-regula-el-uso-de-los-datos-derivados-decreto-legislativo-n-1182-1268121-1/"><span>Legislative Decree 1182</span></a><span>, which regulates the direct access by police authorities to location data.</span></p>
<p><span>Hiperderecho stressed in the report: “Even if the legal obligation is of the judicial authority’s responsibility, there is much more that companies could do in this context. They can keep a record of the interventions made, promote notification to users after the measure expires or make simultaneous notifications with the authorities (…) in a way that users can enforce their right to go to the courts to request reexamination of the measure or to challenge the decisions issued.” Such proactive measures are particularly important because the law only gives users three business days to challenge these measures.</span></p>
<p><span><span>Hiperderecho's</span> report shows that telecommunications companies are making progress when it comes to complying with the law, but they’re not doing as well as they could. Yet the ¿Quién Defiende Tus Datos? reports, much like EFF’s </span><i><span>Who Has Your Back?</span></i><span> project, are not only about fulfilling established legal rules. Their aim is to push companies to go beyond the requirements of the law. Peru’s companies must do more, and we’ll remain vigilant </span>to ensure that happens<span>. </span></p>
<p><span>The report is part of a series across Latin America and Spain adapted from EFF’s <a href="https://www.eff.org/who-has-your-back-2017">Who Has Your Back?</a> reports. Last year, Spain’s <a href="https://www.eff.org/deeplinks/2018/01/eticas-releases-first-ever-evaluations-spanish-internet-companies-privacy-and">ETICAS Foundation</a>, Argentina’s <a href="https://www.eff.org/deeplinks/2018/03/who-has-your-back-argentina">ADC</a>, Chile’s <a href="https://www.derechosdigitales.org/qdtd/">Derechos Digitales</a>, Brazil’s <a href="http://quemdefendeseusdados.org.br/en/">Internet Lab</a>, and Colombia’s <a href="https://www.eff.org/deeplinks/2018/12/who-has-your-back-colombia-fourth-annual-report-fuels-progress-and-asks-more">Karisma Foundation</a> published their own reports.<br /></span></p>
</div></div></div>
[EFF] The Best of Europe’s Web Went Dark Today. We Can’t Let That Be Our Future.
2019-03-21T00:29:38Z
Danny O'Brien
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>We’re into the final days before members of the European Parliament vote on the Copyright and the Digital Single Market Directive, home of the censoring Article 13, and the anti-news Article 11. Europeans are still urging their MEPs to vote down these articles (if you haven’t already, <a href="https://saveyourinternet.eu/"><em>call now</em></a>, and stepping up the visibility of their complaints in this final week.</p>
<p class="take-action"><a href="https://saveyourinternet.eu/">Take Action</a></p>
<p class="take-explainer">Stop Article 13</p>
<p>The first salvo drawing attention to the damage the directive will cause has come from the European Wikipedias. German Wikipedia has gone completely dark for today, along with <a href="https://wikimediafoundation.org/2019/03/20/four-wikipedias-to-black-out-over-eu-copyright-directive/">the Czech, Slovak and Danish Wikipedias</a>, German OpenStreetMap, and <a href="https://www.blackout21.eu/en/index.html">many more</a>.</p>
<p>With confusing rhetoric, the Directive’s advocates have always claimed that they mean no harm to popular, user-driven sites like Wikipedia and OpenStreetMap. They’ve said that the law is aimed only at big American tech giants, even as drafters have scrambled to address the criticism that it affects <em>all</em> of the Internet. Late in the process, the drafters tried to carve out exceptions for “online encyclopedias,” and the German government and European Parliamentarians fought hard – though ultimately failed – to put in effective exceptions for European start-ups and other competitors.</p>
<p>Very few of the organizations and communities for whom these exceptions are meant to protect are happy with the end result. The Wikimedia Foundation, which worked valiantly to improve the Directive over its history, came out last week and declared that it <a href="https://wikimediafoundation.org/2019/02/28/we-do-not-support-the-eu-copyright-directive-in-its-current-form-heres-why-you-shouldnt-either/">could not support its final version</a>. Even though copyright reform is badly needed online, and Wikipedians fought hard to include positive fixes in the rest of the Directive, Article 13 and Article 11 have effectively undermined all of those positive results.</p>
<p>As Wikimedia’s <a href="https://wikimediafoundation.org/2019/02/28/we-do-not-support-the-eu-copyright-directive-in-its-current-form-heres-why-you-shouldnt-either/">experts write</a>:</p>
<blockquote><p>Despite some good intentions, the wholly problematic inclusion of Articles 11 and 13 mean that fundamental principles of knowledge sharing are overturned: in practice users and projects will have to prove they are allowed to share knowledge before a platform permits an upload. The EU Copyright Directive envisions a technical and legal infrastructure that treats user generated content with suspicion unless proved legal. We cannot support this—it is better to have no reform at all, than to have one including these toxic provisions.</p>
</blockquote>
<p>The European lawmakers who see Article 13 and Article 11 as a simple fix for the woes of entertainment and news media companies still don’t get that the Internet isn’t a competing “industry” – it’s an ecosystem. Companies like Google and Facebook are certainly supported by that ecosystem – but so too are the billions of individuals, thousands of European companies, families, and ad-hoc communities of creators, coders, and services. As Wikimedia says, this Directive turns the simplest basic actions of those Internet users - sharing and linking - suspect. Websites must check everything that users upload, because if they upload something that another person decided is their own, the website can be liable for unbounded costs. If Article 11 passes, everyone will have to make a legal assessment when linking to the news, out of fear the text accompanying their link contains one too many words, and triggers Article 11’s licensing requirements.</p>
<p>The sites that are shutting down today in protest are, without question, sites that are home to European creators: the very people that Article 13 and 11 adherents claim to be protecting. That these parts of the European creative community are so concerned about their own future, and the wider ecology of the Net, should be a giant, flashing, warning sign to all MEPs.</p>
<p>If you’re in Europe, <a href="https://saveyourinternet.eu/">contact your MEP</a>, and <a href="https://savetheinternet.info/demos">join the protests</a> this weekend. The future doesn’t have to be as dark as it looks today.</p>
</div></div></div>
[EFF] More Than 130 European Businesses Tell the European Parliament: Reject the #CopyrightDirective
2019-03-20T13:09:44Z
Cory Doctorow
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The EU's Copyright Directive will be voted on in the week of March 25 (our sources suggest the vote will take place on March 27th, but that could change); the Directive has been controversial all along, but it took a turn for the catastrophic <a href="https://www.eff.org/deeplinks/2019/02/final-version-eus-copyright-directive-worst-one-yet">during the late stages of the negotiation</a>, which yielded a final text that is alarming in its potential consequences for all internet activity in Europe and <a href="https://www.eff.org/deeplinks/2018/09/why-whole-world-should-be-arms-about-eus-looming-internet-catastrophe">around the world</a>.</p>
<p>More than 5,000,000 Europeans have <a href="https://www.change.org/p/european-parliament-stop-the-censorship-machinery-save-the-internet">signed a petition</a> against Article 13 of the Directive, and there has been outcry from <a href="https://www.eff.org/deeplinks/2018/06/internet-luminaries-ring-alarm-eu-copyright-filtering-proposal">eminent technical experts</a>, the <a href="https://www.techdirt.com/articles/20190312/11132541783/un-human-rights-expert-warns-eu-not-to-pass-article-13.shtml">United Nations' special rapporteur on free expression</a>, and many other quarters.</p>
<p>Now, a coalition of more than 130 EU businesses have entered the fray, led by file storage service NextCloud. Their letter to the European Parliament calls Article 13—which will lead to mass adoption of copyright filters for online services that will monitor and block user-submitted text, audio, video and images—a "dangerous experiment with the core foundation of the Internet’s ecosystem." They also condemn Article 11, which will allow news publishers to decide who can quote and link to news stories and charge for the right to do so.</p>
<p>Importantly, they identify a key risk of the Directive, which is that it will end up advantaging US Big Tech firms that can afford monitoring duties, and that will collect "massive amounts of data" sent by Europeans.</p>
<p>March 21st is an EU-wide day of action on the Copyright Directive, with <a href="https://www.blackout21.eu/en/index.html">large site blackouts planned</a> (including German Wikipedia), and on March 23, there will be <a href="https://www.savetheinternet.info/demos">mass demonstrations across the EU</a>. Things are getting down to the wire here, folks.</p>
<p>Here's the text of the letter; you can find the original, with the full list of signatories, <a href="https://nextcloud.com/blog/130-eu-businesses-sign-open-letter-against-copyright-directive-art-11-13/">here</a>.</p>
<p>The companies signing this letter to the European Parliament are urging you to vote against Articles 11 and 13 of the proposed copyright directive. The text of the trilogue agreement would harm the European economy and seriously undermine the ability of European businesses to compete with big Internet giants like Google.</p>
<p>We support the goal of the legislation to protect the rights of creators and publishers, but the proposed measures are inadequate to reap these benefits and also fail to strike a fair balance between creators and all other parts of society. The success of our business enterprises will be seriously jeopardized by these heavy-handed EU regulations.</p>
<p>Especially Article 13 is dangerously experimenting with the core foundation of the Internet’s ecosystem. Making companies directly liable for the content of their users forces these businesses to make billions of legal decisions about the legality of content. Most companies are neither equipped nor capable of implementing the automatic content filtering mechanisms this requires, which are expensive and prone to error.</p>
<p>Article 11 is creating a completely new intellectual property right for press publishers. The experience with similar laws in Germany and Spain raises serious doubts about the expected benefits, while the negative impact would be very real. An additional layer of exclusive rights would make it harder to clear the necessary legal hurdles to start new projects. It will make entrepreneurs more hesitant to just launch new projects. Europe would lose any chance to play a significant role on the world stage. Startups that build services based on aggregated online information would go out of business, and every company that publishes press summaries of their appearance in the media would be in violation of this law.</p>
<p>Although the purpose of these regulations is to limit the powers of big US Internet companies like Google or Facebook, the proposed legislation would end up having the opposite effect. Article 13 requires filtering of massive amounts of data, requiring technology only the Internet giants have the resources to build.</p>
<p>European companies will be thus forced to hand over their data to them, jeopardizing the independence of the European tech industry as well as the privacy of our users. European companies like ours will be hindered in their ability to compete or will have to abandon certain markets completely.</p>
<p>Given all of these issues it is noteworthy that the final trilogue agreement lacks meaningful safeguards for small and medium enterprises. The broad scope of this law would most likely lead to less new companies being founded in Europe and existing companies moving their headquarters out of Europe. For all those reasons we urge every pro-Startup politician to vote against Article 11 and Article 13.</p>
<p><span>We hope EU lawmakers hear the concerns of these businesses and take them to heart. If you live in the EU, consider taking part in the day of action on March 21; and contact your MEP right now. </span></p>
<p class="take-action"><a href="https://saveyourinternet.eu/">Take Action</a></p>
<p class="take-explainer"><a href="https://saveyourinternet.eu/">Stop Article 13</a></p>
</div></div></div>
[EFF] EFF Submits Consumer Data Privacy Comment to the California Attorney General
2019-03-19T21:33:45Z
Hayley Tsukayama
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The California Consumer Privacy Act (CCPA) requires the California Attorney General to take input from the public on regulations to implement the law, which does not go into effect until 2020.</p>
<p>The Electronic Frontier Foundation has filed comments on two issues: first, how to verify consumer requests to companies for access to personal information, and for deletion of that information; and second, how to make the process of opting out of the sale of data easy, using the framework already in place for the Do Not Track (DNT) system.</p>
<h3>Verification of Requests</h3>
<p>When it comes to verifying requests that users make of businesses to access their own data, EFF asked the Attorney General to carefully balance the interest of the consumer in obtaining their own personal information without undue delay or difficulty, with their interest in avoiding theft of their private data by people who might make fraudulent CCPA requests for data.</p>
<p>If a consumer already has a password-protected account, the Attorney General should mandate use of that password to verify the account. Further, the business must ensure that the requester really knows the password, and didn’t just steal a laptop with an open app, by requiring the requester to log out of the account and present the password again. The AG should also encourage, but not require, two-factor authentication as a form of verification in cases where doing so poses no risk to the user.</p>
<p>If a consumer does not have a password, the company must be as certain as is reasonably possible that the requester is the subject of the personal information being requested.</p>
<h3>Opting Out of Sales</h3>
<p>We also encourage the Attorney General to rely on the existing <a href="https://www.eff.org/issues/do-not-track">Do Not Track (DNT)</a> system when issuing rules about consumer requests to opt-out of data sales. The DNT system combines a technology (a browsing header that announces the user prefers not to be tracked online) with a policy framework (how companies should respond to that signal).</p>
<p>The DNT header is already widely supported by most major web browsers, including Google Chrome, Mozilla Firefox, and Opera. EFF proposes that the Attorney General require any business that interacts with consumers directly over the Internet to treat a browser’s DNT request as a request to opt-out of data collection.</p>
<p>We thank the Attorney General’s office for the opportunity to comment on CCPA regulations, and look forward to making further comments about consumer data privacy.</p>
<p>To read EFF’s comments in full, please click <a href="https://www.eff.org/document/eff-consumer-data-privacy-comment-california-attorney-general">here</a>.</p>
</div></div></div>
[EFF] The European Copyright Directive: What Is It, and Why Has It Drawn More Controversy Than Any Other Directive In EU History?
2019-03-19T17:34:22Z
Cory Doctorow
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>During the week of March 25, the European Parliament will hold the final vote on the Copyright Directive, the first update to EU copyright rules since 2001; normally this would be a technical affair watched only by a handful of copyright wonks and industry figures, but the Directive has become the most controversial issue in EU history, literally, with <a href="https://www.change.org/p/european-parliament-stop-the-censorship-machinery-save-the-internet">the petition opposing it</a> attracting more signatures than any other petition in change.org’s history.</p>
<h3>How did we get here?</h3>
<p>European regulations are marathon affairs, and the Copyright Directive is no exception: it had been debated and refined for years, and as of spring 2017, it was looking like all the major points of disagreement had been resolved. Then all hell broke loose. Under the leadership of German Member of the European Parliament (MEP) Axel Voss, acting as "rapporteur" (a sort of legislative custodian), two incredibly divisive clauses in the Directive (Articles 11 and 13) were reintroduced in forms that had already been discarded as unworkable after expert advice. Voss's insistence that Articles 11 and 13 be included in the final Directive has been a flashpoint for public anger, <a href="https://www.eff.org/deeplinks/2019/02/german-french-deal-rescue-eu-copyright-directive-everyone-hates-it-everyone">drawing criticism</a> from the world's top technical, copyright, journalistic, and human rights experts and organizations.</p>
<h3>Why can no one agree on what the Directive actually means?</h3>
<p>"Directives" are rules made by the European Parliament, but they aren't binding law—not directly. After a Directive is adopted at the European level, each of the 28 countries in the EU is required to "transpose" it by passing national laws that meet its requirements. The Copyright Directive has lots of worrying ambiguity, and much of the disagreement about its meaning comes from different assumptions about what the EU nations do when they turn it into law: for example, Article 11 (see below) allows member states to ban links to news stories that contain more than a word or two from the story or its headline, but it only <em>requires</em> them to ban links that contain more than "brief snippets"—so one country might set up a linking rule that bans news links that reproduce <em>three words</em> of an article, and other countries might define "snippets" so broadly that very little changes. The problem is that EU-wide services will struggle to present different versions of their sites to people based on which country they're in, and so there's good reason to believe that online services will converge on the most restrictive national implementation of the Directive.</p>
<p class="take-action"><a href="https://saveyourinternet.eu/">Take Action</a></p>
<p class="take-explainer"><a href="https://saveyourinternet.eu/">Stop Article 13</a></p>
<h3>What is Article 11 (The "Link Tax")?</h3>
<p>Article 11 seeks to give news companies a negotiating edge with Google, Facebook and a few other Big Tech platforms that aggregate headlines and brief excerpts from news stories and refer users to the news companies' sites. Under Article 11, text that contains more than a "snippet" from an article are covered by a new form of copyright, and must be licensed and paid by whoever quotes the text, and while each country can define "snippet" however it wants, the Directive does not stop countries from making laws that pass using as little as three words from a news story.</p>
<h3>What's wrong with Article 11/The Link Tax?</h3>
<p>Article 11 has a lot of <b>worrying ambiguity</b>: it has a very vague definition of "news site" and leaves the definition of "snippet" up to each EU country's legislature. Worse, the final draft of Article 11 <b>has no exceptions to protect small and noncommercial services</b>, including Wikipedia but also your personal blog. The draft doesn’t just give news companies the right to charge for links to their articles—it also <b>gives them the right to ban linking to those articles altogether</b>, (where such a link includes a quote from the article) so sites can threaten <b>critics writing about their articles</b>. Article 11 will also <b>accelerate market concentration in news media</b> because <b>giant companies will license the right to link to each other</b> but not to <b>smaller sites</b>, who will not be able to point out deficiencies and contradictions in the big companies' stories.</p>
<h3>What is Article 13 ("Censorship Machines")?</h3>
<p>Article 13 is a fundamental reworking of how copyright works on the Internet. Today, online services are not required to check everything that their users post to prevent copyright infringement, and rightsholders don't have to get a court order to remove something they view as a copyright infringement—they just have to send a "takedown notice" and the services have to remove the post or face legal jeopardy. Article 13 removes the protection for online services and relieves rightsholders of the need to check the Internet for infringement and send out notices. Instead, it says that online platforms have a duty to ensure that none of their users infringe copyright, period. <b>Article 13 is the most controversial part of the Copyright Directive.</b></p>
<h3>What's a "copyright filter?"</h3>
<p>The early versions of Article 13 were explicit about what online service providers were expected to do: they were supposed to implement "copyright filters" that would check every tweet, Facebook update, shared photo, uploaded video, and every other upload to see if anything in it was similar to items in a database of known copyrighted works, and block the upload if they found anything too similar. Some companies have already made crude versions of these filters, the most famous being YouTube's "ContentID," which blocks videos that match items identified by a small, trusted group of rightsholders. <b><a href="https://juliareda.eu/2018/11/eu-council-upload-filters/">Google has spent $100m on ContentID so far</a></b>.</p>
<h3>Why do people hate filters?</h3>
<p>Copyright filters are very controversial. <b>All but the crudest filters cost so much that only the biggest tech companies can afford to build them</b>—and most of those are US-based. What's more, filters are notoriously inaccurate, prone to <a href="https://boingboing.net/2018/09/05/mozart-bach-sorta-mach.html">overblocking</a> <a href="https://www.bbc.com/news/technology-42580523">legitimate</a> <a href="https://musically.com/2012/02/28/rumblefish-under-fire-for-birdsong-copyright-claim/">material</a>—and lacking in checks and balances, making it easy for <a href="https://www.youtube.com/embed/NHCu59hSkQ4">censors</a> to remove material <a href="https://www.youtube.com/embed/diyZ_Kzy1P8">they disagree with</a>. Filters assume that the people who claim copyrights are telling the truth, <a href="https://arstechnica.com/tech-policy/2012/08/how-youtube-lets-content-companies-claim-nasa-mars-videos/">encouraging laziness and sloppiness</a> that catches a lot of dolphins in the tuna-net.</p>
<h3>Does Article 13 require "filters?"</h3>
<p>Axel Voss and other proponents for Article 13 removed references to filters from the Directive in order to win a vote to remove them in the European Parliament. But the new text of Article 13 still demands that the people who operate online communities somehow examine and make copyright assessments about <em>everything</em>, hundreds of billions of social media posts and forum posts and video uploads. <b>Article 13 advocates say that filters aren't required</b>, but when challenged, <b>not one has been able to explain how to comply with Article 13 without using filters</b>. Put it this way: if I pass a law requiring you to produce a large African mammal with four legs, a trunk, and tusks, <b>we definitely have an elephant in the room</b>.</p>
<h3>Will every online service need filters?</h3>
<p>Europe has a thriving tech sector, composed mostly of "small and medium-sized enterprises" (SMEs), and the politicians negotiating the Directive have been under enormous pressure to protect these Made-In-Europe firms from a rule that would wipe them out and turn over <b>permanent control over Europe's Internet to America's Big Tech</b> companies. The <a href="https://www.eff.org/deeplinks/2019/01/german-government-abandons-small-businesses-worst-parts-eu-copyright-directive">political compromise that was struck</a> makes a nod to protecting SME's but <b>ultimately dooms them</b>. The new rules grant partial limits on copyright liability <b>only for the first three years of an online service's existence</b>, and even these limits are mostly removed once a firm attains over 5m in unique visitors (an undefined term) in a given month, and <b>once a European company hits annual revenues (not profits!) of €10m, it has all the same obligations as the biggest US platforms</b>. That means that <b>the 10,000,001st euro a company earns comes with a whopping bill for copyright filters.</b> There are other, vaguer exemptions for not-for-profit services, but without a clear description of what they would mean. As with the rest of the law, it will depend on how each individual country implements the Directive. France’s negotiators, for example, made it clear that they believe no Internet service should be exempted from the Article’s demands, so we can expect their implementation to provide for the narrowest possible exemption. Smaller companies and informal organizations will have to prepare to lawyer up in these jurisdictions because that’s where rightsholders will seek to sue. A more precise, and hopefully equitable, solution could finally be decided by the European Court of Justice, but such suits will take years to resolve. Both the major rightsholders and Big Tech will strike their own compromise license agreements outside of the courts, and both will have an interest in limiting these exceptions, so it will come down to those same not-for-profit services or small companies to spend the costs required to win those cases and live in legal uncertainty until they have been decided.</p>
<p class="take-action"><a href="https://saveyourinternet.eu/">Take Action</a></p>
<p class="take-explainer"><a href="https://saveyourinternet.eu/">Stop Article 13</a></p>
<h3>What about "licenses" instead of "filters"?</h3>
<p>Article 13 only requires companies to block infringing uses of copyrighted material: Article 13 advocates argue that online services won't need to filter if they license the catalogues of big entertainment companies. But almost all creative content put online (from this FAQ to your latest tweet) is instantly and automatically copyrighted. Despite what EU lawmakers believe, we don’t live in a world where a few large rightsholders control the copyright of the majority of creative works. <b>Every Internet user is a potential rightsholder</b>. All three billion of them. Article 13 doesn't just require online services to police the copyrights of a few giant media companies; it covers everyone, meaning that a small forum for dog fanciers would have to show it had made "best efforts" to license photos from other dog fancier forums that their own users might report—every copyright holder is covered by Article 13. Even if an online platform could license all the commercial music, books, comics, TV shows, stock art, news photos, games, and so on (and assuming that media companies would sell them these licenses), they would still somehow have to make "best effort" to license other user's posts or stop their users from reposting them.</p>
<h3>Doesn't Article 13 say that companies shouldn't overblock?</h3>
<p>Article 13 has some language directing European countries to make laws that protect users from false copyright takedowns, but while EU copyright sets out financial damages for people whose copyrights are infringed, <b>you aren't entitled to anything if your legitimate posts are censored</b>. So if a company like Facebook, which sees billions of posts a day, accidentally blocks one percent of those posts, that would mean that <b>it would have to screen and rule on millions of users' appeals every single day</b>. If Facebook makes those users wait for days or weeks or months or years for a ruling, or if it hires moderators who make hasty, sloppy judgments, or both, Article 13 gives those users no rights to demand better treatment, and even the minimal protections under Article 13 can be waved away by platforms through a declaration that users' speech was removed because of a "terms of service violation" rather than a copyright enforcement.</p>
<h3>Do Article 13's opponents only want to "save the memes?"</h3>
<p>Not really. It's true that filters—and even human moderators—would struggle to figure out when a meme crosses the line from "fair dealing" (a suite of European exceptions to copyright for things like parody, criticism and commentary) into infringement, but "save the memes" is mostly a catchy way of talking about all the things that filters struggle to cope with, especially <b>incidental use</b>. If your kid takes her first steps in your living room while music is playing in the background, the "incidental" sound could trigger a filter, meaning you couldn't share an important family moment with your loved ones around the world. Or if a news photographer takes a picture of police violence at a demonstration, or the aftermath of a terrorist attack, and that picture captures a bus-ad with a copyrighted stock-photo, that incidental image might be enough to trigger a filter and block this incredibly newsworthy image in the days (or even weeks) following an event, while the photographer waits for a low-paid, overworked moderator at a big platform to review their appeal. It also affects independent creators whose content is used by established rightsholders. Current filters frequently block original content, uploaded by the original creator, because a news service or aggregator subsequently used that content, and then asserted copyright over it. (Funny story: MEP Axel Voss claimed that AI can distinguish memes from copyright infringement on the basis that a Google image search for "memes" displays a bunch of memes)</p>
<h3>What can I do?</h3>
<p>Please <a href="https://saveyourinternet.eu">contact your MEP</a> and tell them to vote against the Copyright Directive. The Copyright Directive vote is practically the last thing MEPs will do before they head home to start campaigning for EU elections in May, so they're very sensitive to voters right now! And on March 23, <a href="https://www.savetheinternet.info/demos">people from across Europe are marching</a> against the Copyright Directive. The pro-Article 13 side has the money, but we have the people!</p>
<p class="take-action"><a href="https://saveyourinternet.eu/">Take Action</a></p>
<p class="take-explainer"><a href="https://saveyourinternet.eu/">Stop Article 13</a></p>
</div></div></div>
[EFF] Here’s Why You Can’t Trust What Cops and Companies Claim About Automated License Plate Readers
2019-03-19T17:32:55Z
Dave Maass
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><h4>Emails Prove ICE Could Access Data from Orange County Shopping Malls, Despite the Companies' Denials</h4>
<p><span></span></p>
<p><span>In response to an </span><a href="https://www.aclunc.org/blog/documents-reveal-ice-using-driver-location-data-local-police-deportations"><span>ACLU report</span></a><span> on how law enforcement agencies share information collected by automated license plate readers (ALPRs) with Immigration and Customs Enforcement, officials have been quick to </span><a href="https://www.mercurynews.com/2019/03/13/union-city-disputes-aclu-report-that-its-police-shares-data-with-ice/"><span>deny</span></a><span> <a href="https://www.fresnobee.com/news/local/article228102949.html">and</a> </span><a href="https://westfaironline.com/111869/aclu-police-ice-illegal-immigrants/"><span>obfuscate</span></a><span> despite documentary evidence obtained directly from ICE itself through a Freedom of Information Act lawsuit</span></p>
<p><span>Let’s be clear: you can’t trust what ALPR company Vigilant Solutions and its clients say. It’s time for higher authorities to conduct an audit.</span></p>
<p><span>Through </span><a href="https://www.eff.org/pages/automated-license-plate-reader-dataset"><span>years of research</span></a><span> spanning California (and beyond), EFF has discovered that agencies that access ALPR data are </span><a href="https://www.eff.org/deeplinks/2016/04/here-are-79-policies-california-surveillance-tech-where-are-other-90"><span>often</span></a> <a href="https://www.eff.org/deeplinks/2018/07/county-welfare-office-violated-accountability-rules-while-surveilling-benefits"><span>ignorant</span></a><span> or </span><a href="https://www.documentcloud.org/documents/5771283-FTB-SB-34-Compliance.html"><span>noncompliant</span></a><span> when it comes to the transparency and accountability requirements of </span><a href="https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3&title=1.81.23.&part=4.&chapter=&article="><span>state law</span></a><span>. Furthermore, their agreements with the vendor Vigilant Solutions often include </span><a href="https://www.documentcloud.org/documents/4618380-ITEM-4-Contract-No-DP81191041-FY-16-17.html#document/p9/a443654"><span>“non-disparagement” and “non-publication”</span></a><span> clauses that contractually bind them to Vigilant Solutions’ “media messaging” and prevent agencies from speaking candidly with the press. Meanwhile, training materials created by Vigilant Solutions explicitly recommend that police </span><a href="https://www.documentcloud.org/documents/5081028-PRA-LPR-Redacted.html#document/p110/a465942"><span>leave ALPR out of its reports</span></a><span> whenever possible. </span></p>
<p><span>But documents obtained as part of the ACLU’s lawsuit brings another factor into play: sometimes the claims are just jaw-droppingly inaccurate. </span></p>
<p><a href="https://www.documentcloud.org/documents/5771284-ICE-Email-Re-NVLS-Inquiry-With-La-Habra.html"><span>One email</span></a><span> in particular shows exactly how ICE could access data collected at shopping malls through a </span><a href="https://www.dhs.gov/state-and-major-urban-area-fusion-centers"><span>regional fusion center</span></a><span>, despite the mall operator and Vigilant Solutions’ repeated denials that it was happening. </span></p>
<p><span>For background: </span><a href="https://www.eff.org/pages/automated-license-plate-readers-alpr"><span>ALPR is a technology</span></a><span> that allows law enforcement and private companies to track the travel patterns of drivers, through networks of cameras that record license plates, along with time, date and location. That information is uploaded to a database that users can search to find out where a vehicle travelled, reveal what vehicles visited particular locations, and receive real-time alerts on vehicles added to watch lists. It is a mass surveillance technology that captures information on everyone, regardless of whether their vehicle is tied to an investigation.</span></p>
<p><span>Last summer, EFF volunteer Zoe Wheatcroft, a high school student in Mesa, Ariz., discovered a curious document on a website belonging to the Irvine Company, a real estate developer based in Orange County. The document showed that private security patrols were using ALPR to gather data on customers at Irvine Company-owned shopping malls . As </span><a href="https://www.eff.org/deeplinks/2018/07/california-shopping-centers-are-spying-ice-contractor"><span>EFF reported</span></a><span>, Irvine Company then transferred that information to Vigilant Solutions, a controversial ALPR vendor well-known for </span><a href="https://www.theverge.com/2018/1/26/16932350/ice-immigration-customs-license-plate-recognition-contract-vigilant-solutions"><span>selling data to ICE</span></a><span>. </span></p>
<p><span>We asked the mall operator, Irvine Company, to explain itself, but it refused to answer questions. However, after EFF published its report, Irvine Company </span><a href="https://www.ocregister.com/2018/07/11/your-license-plate-data-from-these-3-shopping-centers-can-be-shared-with-police-not-ice-says-irvine-co/"><span>told reporters</span></a><span> ALPR data was not shared with ICE, but only three local police departments. Then Vigilant Solutions issued a </span><a href="https://www.documentcloud.org/documents/5771285-Vigilant-Solutions-to-EFF-Stop-Creating-Fake.html"><span>press release</span></a><span> saying “the entire premise of the article is false,” and accused EFF of “creating fake news.” Vigilant Solutions also demanded we retract the post and apologize, saying that it was </span><a href="https://www.eff.org/deeplinks/2018/07/eff-responds-vigilant-solutions-accusations-about-eff-alpr-report"><span>“evaluating potential legal claims” against EFF</span></a><span>. </span></p>
<p><span>What they wouldn’t say publicly is that within within two weeks, Irvine Company quietly terminated its whole ALPR program. EFF only learned of this six months later from Irvine Company directly, but the company’s spokesperson refused to tell us the motivation behind ending the surveillance, beyond it being a business decision. </span></p>
<h3>What Really Happened in Orange County</h3>
<p><span>EFF began to investigate Irvine’s Claims that its ALPR data from the shopping malls was tightly controlled and could never be shared with ICE. We filed public records requests with the police department that Irvine Company said were the only agencies allowed to access the data. None of them were able to produce any documentation limiting data sharing</span><span>—</span><span>or indeed any limitations at all on data could be used or shared. </span></p>
<p><span>Then, earlier this year, the ACLU received more than </span><a href="https://www.documentcloud.org/documents/5771358-ACLU-ICE-VIGILANT-DOCS.html"><span>1,800 pages</span></a><span> of ICE records about the agency’s use of ALPR and Vigilant Solutions’ technology. Buried in the set is an email exchange that shows unequivocally that ICE accessed the Irvine Company’s shopping center data just months before EFF’s report. </span></p>
<p><a href="https://www.documentcloud.org/documents/5771284-ICE-Email-Re-NVLS-Inquiry-With-La-Habra.html"><span>According to the records</span></a><span>: In October 2017, an official with Homeland Security Investigations, an arm of ICE, sent an email to a detective with the La Habra Police Department, who was working out of the regional “</span><a href="https://www.eff.org/deeplinks/2014/04/why-fusion-centers-matter-faq"><span>fusion center</span></a><span>,” the Orange County Intelligence Assessment Center. The ICE HSI specialist asked the detective to run a license plate for them, with no explanation of the purpose of the search, even though documenting a purpose is </span><a href="https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.90.52."><span>required by California law</span></a><span>. </span></p>
<p><span>A few hours laters, the La Habra detective responded with a PDF attachment exported from Vigilant Solutions’ LEARN software that included the plate scans: </span></p>
<p><span>"i attached the report... there are a LOT of scans, most of them from fashion island security.. he spends a lot of time parked there.."</span></p>
<p><img src="/files/2019/03/19/lahabra.png" alt="" width="734" height="286" /></p>
<p><span>This email wasn’t just the smoking gun: it was the bullet. The document demonstrates that data could be transferred to ICE</span></p>
<p><i><span>What They Claimed: </span></i><span>The Irvine Company said the data was only shared with the Irvine, Newport and Tustin police departments. “We have been assured through conversations with Vigilant that only those police departments are receiving information,” a spokesperson told the </span><a href="https://www.ocregister.com/2018/07/11/your-license-plate-data-from-these-3-shopping-centers-can-be-shared-with-police-not-ice-says-irvine-co/"><span>Orange County Register</span></a><span>. Vigilant Solutions backed up the claim, writing “As Irvine Company has stated, it is shared with select law enforcement agencies to ensure the security of mall patrons.”</span></p>
<p><b><i>What the Emails Actually Show: </i></b>A La Habra Police detective had access to mall data through the fusion center. Neither La Habra nor OCIAC are one of the three agencies the data access was supposed to be limited to. This raises the question, who else had access to the data? As a fusion center, OCIAC exists to facilitate the exchange of information across agencies. “Intelligence processes—through which information is collected, integrated, evaluated, analyzed, and disseminated—are a primary focus” of the fusion center, according to <a href="https://ociac.ca.gov/default.aspx/MenuItemID/289/MenuGroup/Public+Home.htm">OCIAC’s website</a>.</p>
<p><i><span>What They Claimed:</span></i><span> In its press release, Vigilant said, “These law enforcement agencies do not have the ability in Vigilant Solutions’ system to electronically copy this data or share this data with other persons or agencies, such as ICE.”</span></p>
<p><b><i>What the Emails Actually Show:</i></b> Within hours of receiving the request from ICE, the La Habra Detective was easily able to copy the data as a PDF and share it with ICE via email.</p>
<p><span>EFF reached out both to Irvine Company and Vigilant Solutions prior to publishing this report. Irvine Company would only confirm the date that it stopped the ALPR program, but would provide no further information. Motorola Solutions, which acquired Vigilant Solutions earlier this year sent the following statement: </span></p>
<blockquote><p><span></span><span>We are aware of the ACLU of Northern California's recent report on license plate recognition data and assertions regarding data access by the Irvine Company. The referenced incident predates Motorola Solutions' ownership of Vigilant Solutions, and we are currently working with Vigilant to assess the situation in greater detail.</span></p>
<p><span>Motorola Solutions is committed to the highest standard of integrity and data protection, which includes ensuring that vehicle location data is accessed only by authorized law enforcement agencies in accordance with applicable laws and industry standards. We also are committed to working with our customers and partners to ensure that use of vehicle location data hosted in our database is appropriately safeguarded to minimize the potential for misuse by any person.</span></p>
<p><span>Motorola Solutions deeply respects individual privacy rights and is committed to mitigating privacy risks associated with data collection, use and storage. </span></p>
</blockquote>
<p><span>Considering the historic wall of secrecy maintained by Vigilant Solutions and its clients, we believe it is time for a more thorough accounting than just an internal review. We urge the California legislature and the state auditor to investigate Vigilant Solutions and its government clients to find out the truth about how our data is shared with ICE and other agencies and whether these law enforcement agency are violating state laws regulating the use of this mass surveillance technology. </span></p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases: </div><div class="field__items"><div class="field__item even"><a href="/cases/automated-license-plate-readers">Automated License Plate Readers (ALPR)</a></div></div></div>
[EFF] Why the Debate Over Privacy Can't Rely on Tech Giants
2019-03-16T00:42:12Z
India McKinney
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Ever since the Cambridge Analytica scandal last summer, consumer data privacy has been a hot topic in Congress. The witness table has been dominated by the biggest platforms, with those in lockstep with the tech giants earning the vast majority of attention. However, this week marked the first time that opposing views had a chance to fight back. <span>The Senate Judiciary committee held a hearing called <a href="https://www.judiciary.senate.gov/meetings/gdpr-and-ccpa-opt-ins-consumer-control-and-the-impact-on-competition-and-innovation">GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation</a>, and unlike <a href="https://www.eff.org/deeplinks/2019/02/more-consumer-data-privacy-hearings-without-enough-consumer-data-privacy-advocates">previous</a> <a href="https://www.eff.org/deeplinks/2019/03/congress-invites-industry-advocates-hearings-industry-talking-points-ensue">hearings</a>, this hearing featured two groups of panelists with contradictory viewpoints.</span></p>
<p><span>While we still call for a panel that puts consumer advocates and tech giants at the same table to discuss consumer privacy, we appreciate that Judiciary Chair Sen. Lindsey Graham included representatives from DuckDuckGo and Mapbox to discuss how they are able to run successful businesses while also respecting user privacy. It’s clear after this hearing that companies who deliberately over-collect data and sidestep user privacy are making a business choice, and they could choose to operate differently.</span></p>
<p><strong><span>Privacy Can Be Good for Business </span></strong></p>
<p><span>In his opening statement, CEO and Founder of DuckDuckGo <a href="https://www.judiciary.senate.gov/download/weinberg-testimony">Gabriel Weinberg</a> said that, “Privacy legislation is not anti-advertising…[our] ads won’t follow [the user] around, because we don’t know who you are, where you’ve been, or where you go. It’s <a href="https://en.wikipedia.org/wiki/Contextual_advertising">contextual advertising</a> versus <a href="https://en.wikipedia.org/wiki/Behavioral_retargeting">behavioral advertising</a>.” Press investigations have exposed, time and again, that large tech companies will often choose their profits over your privacy. This underscores the need for stronger privacy laws across the country, and it helps to have another tech CEO tell the Senate that well-drafted privacy legislation can spur more competition and innovation.</span></p>
<p><span>In fact, Sen. Graham immediately followed up on this point, asking Google’s Senior Privacy Counsel, <a href="https://www.judiciary.senate.gov/imo/media/doc/DeVries%20Testimony.pdf">Will DeVries</a>, to explain how much of Google’s revenue from search terms comes from contextual advertising versus behavioral advertising. Despite being repeatedly pressed by Sen. Graham, DeVries declined to answer and promised to get back to the Senator privately. It’s unfortunate that he couldn’t—or wouldn’t—answer the question. It’s not the first time companies have muddied the waters on this point. Facebook CEO Mark Zuckerberg has previously <a href="https://www.washingtonpost.com/news/the-switch/wp/2018/04/10/transcript-of-mark-zuckerbergs-senate-hearing/?utm_term=.29686e752e7f">claimed</a> that users prefer targeted ads, a claim <a href="https://www.ischool.berkeley.edu/news/2019/opinion-zuckerberg-claims-facebook-users-want-targeted-ads-opposite-true">without much merit</a>. It would be useful for Congress (and users) to know if the reason for these claims is because the business models depend on it. We hope Sen. Graham keeps asking that question and receives a real answer.</span></p>
<p><span>But we cast doubt on the assertion that new privacy laws kill businesses. During the second panel, the Judiciary committee’s top Democrat, Senator Dianne Feinstein, asked if the GDPR was bad for business. CDT’s <a href="https://twitter.com/Richardson_Mich">Michelle Richardson</a> responded by saying that because the GDPR is so new, we don’t yet know its effects. Richardson also cited a Cisco <a href="https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/dpbs-2019.pdf">study</a> that cites evidence that organizations in Europe that are ready for the GDPR are benefiting from their privacy investments. </span></p>
<p><span>As we have said <a href="https://www.eff.org/deeplinks/2018/12/year-gdpr-2018s-most-famous-privacy-regulation-review">before</a>, the real proof of the GDPR’s provisions will be in how they are enforced, and against whom. Those answers will only emerge as European regulators begin to use their new authorities. Similarly, state laws such as BIPA in Illinois and <a href="https://www.eff.org/deeplinks/2018/09/vermonts-new-data-privacy-law">Vermont</a>’s data privacy law, and the CCPA, are still so new that we don’t entirely know their impact. Congress needs to allow the laws to work and the courts to make decisions before they get involved. </span></p>
<p><strong><span>Privacy Doesn’t Have to Be Complicated </span></strong></p>
<p><span>Many different senators criticized the idea that companies should be allowed to expect that their users fully understand what clicking “I agree” means on a terms of service agreement. While discussing the length and complexity of Google’s privacy policy, Sen. John Kennedy said “You can hide a dead body in there and no one would ever find it.”</span></p>
<p><span>And then there is the question of whether users actually have a choice. Freshman Sen. Josh Hawley asked DeVries whether users can fully turn off all Google’s location tracking services on their Android phones. DeVries responded that location tracking is required to "perform basic functions" on the phone. In other words, no—even if a consumer consciously chooses to turn off location tracking on their Android phone, Google is still tracking them. That’s a big deal, and Sen. Hawley noticed:</span></p>
<blockquote><p><span>Here's my basic concern ... that Americans have not signed up for this…They think they can opt out of the tracking that you're performing, but they can't meaningfully opt out.</span></p>
</blockquote>
<p><span>DeVries offered to follow up with Sen. Hawley later on Google’s tracking practices, saying, "I understand it's a complicated topic." "I don't think it's that complicated," Sen. Hawley responded. Again, it’s disappointing that DeVries wouldn’t answer the question in a public hearing. Android users should have the right to know <em>why</em> they can’t ever turn off collection of sensitive (and apparently, valuable) data.</span></p>
<p><strong><span>Build a Floor, Not a Ceiling </span></strong></p>
<p><span>States across the country have <a href="https://www.eff.org/deeplinks/2018/09/eff-opposes-federal-preemption-state-privacy-laws">already</a> enacted laws to create strong protections for user privacy. Republicans and tech industry leaders who resist these restrictions have gone on record calling for federal preemption of state privacy laws. They say they want “one national standard” in order to avoid a "patchwork" of regulations—which could <u>moot</u> an ongoing class action suit against Facebook in Illinois and wipe out the CCPA. <br /></span></p>
<p><span>We were pleased to hear Senator <a href="https://twitter.com/SenFeinstein/status/1105533293926277123">Feinstein</a> say that people should control their data with opt-in consent and that she would oppose efforts to water down the CCPA through a federal privacy law during the hearing, saying "I will not support any federal privacy bill that weakens the California standard.” <br /></span></p>
<p><span>Senator Richard <a href="https://www.blumenthal.senate.gov/">Blumenthal</a> followed up by saying there is “a bipartisan core of support for adopting a law that regards California as a floor, not a ceiling, in terms of privacy standards for both the expectations of what the standard should be as well as enforcement.” <br /></span></p>
<p>We are glad to see these senators take such a strong stand for privacy protections at the state level. We look forward to working with them and hope Congress will continue inviting different viewpoints to the table to work on strong, comprehensive privacy protections for all Americans.</p>
</div></div></div>
[FreeBSD VuXML] Gitlab -- Information Disclosure
2019-05-01T02:00:00Z
[FreeBSD VuXML] Dovecot -- Multiple vulnerabilities
2019-04-30T02:00:00Z
[FreeBSD VuXML] Gitlab -- Multiple vulnerabilities
2019-04-29T02:00:00Z
[FreeBSD VuXML] buildbot -- CRLF injection in Buildbot login and logout redirect code
2019-04-26T02:00:00Z
[FreeBSD VuXML] drupal -- Drupal core - Moderately critical
2019-04-25T02:00:00Z
[FreeBSD VuXML] FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment
2019-04-23T02:00:00Z
[FreeBSD VuXML] FreeBSD -- EAP-pwd missing commit validation
2019-04-23T02:00:00Z
[FreeBSD VuXML] FreeBSD -- EAP-pwd side-channel attack
2019-04-23T02:00:00Z
[FreeBSD VuXML] FreeBSD -- SAE confirm missing state validation
2019-04-23T02:00:00Z
[FreeBSD VuXML] FreeBSD -- SAE side-channel attacks
2019-04-23T02:00:00Z
[FreeBSD VuXML] py-yaml -- arbitrary code execution
2019-04-23T02:00:00Z
[FreeBSD VuXML] Istio -- Security vulnerabilities
2019-04-22T02:00:00Z
[FreeBSD VuXML] Ghostscript -- Security bypass vulnerability
2019-04-21T02:00:00Z
[FreeBSD VuXML] GnuTLS -- double free, invalid pointer access
2019-04-19T02:00:00Z
[FreeBSD VuXML] dovecot -- json encoder crash
2019-04-18T02:00:00Z
[FreeBSD VuXML] libssh2 -- multiple issues
2019-04-18T02:00:00Z
[FreeBSD VuXML] gitea -- remote code execution
2019-04-17T02:00:00Z
[FreeBSD news] CFT FreeBSD pkg base now available
2019-04-28T10:00:00Z
FreeBSD is testing a a new approach to pkgbase. See the CFT FreeBSD pkg base message for additional details.
[FreeBSD news] FreeBSD 2019 Community Survey now available
2019-04-27T10:00:00Z
The FreeBSD 2019 Community Survey is now available. Please feel free to share the survey URL with your employer, co-workers, friends, or any other community members interested in FreeBSD. Survey closes midnight May 13 UTC (Monday 5pm PDT).
[FreeBSD news] CFT FreeBSD + New Upstream ZFS (ZoL)
2019-04-19T10:00:00Z
FreeBSD is testing a new upstream for its ZFS implementation, ZFS on Linux. Images for FreeBSD 12-STABLE and 13-CURRENT images are now available for testing FreeBSD + ZoL (ZFS on Linux). Please see the CFT FreeBSD + ZoL for testing details.
[FreeBSD news] Enhanced commit privileges: Pedro Giffuni (ports, src)
2019-04-14T10:00:00Z
[FreeBSD news] New commiter: Piotr Kubaj (ports)
2019-04-14T10:00:00Z
[FreeBSD news] New committer: Mitchell Horne (src)
2019-03-20T09:00:00Z
[FreeBSD news] New committer: Kai Knoblich (ports)
2019-02-01T09:00:00Z
[FreeBSD news] New committer: Johannes Lundberg (src)
2019-01-19T09:00:00Z
[FreeBSD news] January-September 2018 Status Report
2018-12-24T09:00:00Z
The January to September 2018 Status Report is now available.
[FreeBSD news] Cirrus CI Support for FreeBSD
2018-12-11T09:00:00Z
FreeBSD support was recently added to the Cirrus CI system. Cirrus CI makes your development cycle fast, efficient, and secure by leveraging modern cloud technologies. Cirrus CI scales with your team and makes shipping software faster and cheaper. Follow the FreeBSD Virtual Machines guide to find out more.
[FreeBSD news] FreeBSD 12.0-RELEASE Available
2018-12-11T09:00:00Z
FreeBSD 12.0-RELEASE is now available. Please be sure to check the Release Notes and Release Errata before installation for any late-breaking news and/or issues with 12.0. More information about FreeBSD releases can be found on the Release Information page.
[FreeBSD news] FreeBSD 12.0-RC3 Available
2018-12-01T09:00:00Z
The third RC build for the FreeBSD 12.0 release cycle is now available. ISO images for the amd64, armv6, armv7, arm64, i386, powerpc, powerpc64, powerpcspe and sparc64 architectures are available on most of our FreeBSD mirror sites.
[FreeBSD news] FreeBSD 12.0-RC2 Available
2018-11-25T09:00:00Z
The second RC build for the FreeBSD 12.0 release cycle is now available. ISO images for the amd64, armv6, armv7, arm64, i386, powerpc, powerpc64, powerpcspe and sparc64 architectures are available on most of our FreeBSD mirror sites.
[NetBSD changes] pkgsrc-2019Q1 released
2019-04-10T02:00:00Z
[NetBSD changes] New Developer in March 2019
2019-04-01T02:00:00Z
[NetBSD changes] New Developer in December 2018
2019-01-01T01:00:00Z
[cyanide & happiness] Comic for 2019.04.30
2019-04-30T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.29
2019-04-29T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.28
2019-04-28T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.27
2019-04-27T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.26
2019-04-26T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.24
2019-04-24T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.23
2019-04-23T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.22
2019-04-22T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.21
2019-04-21T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.20
2019-04-20T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.19
2019-04-19T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.17
2019-04-17T07:00:00Z
New Cyanide and Happiness Comic
[cyanide & happiness] Comic for 2019.04.16
2019-04-16T07:00:00Z
New Cyanide and Happiness Comic
[fsf news] FSF job opportunity: campaigns manager
2019-03-25T21:15:00Z
<p>Reporting to the executive director, the campaigns manager works on our campaigns team to lead, plan, carry out, evaluate, and improve the FSF's advocacy and education campaigns. The team also works closely with other FSF departments, including licensing, operations, and tech. The position will start by taking responsibility for existing campaigns in support of the GNU Project, free software adoption, free media formats, and freedom on the network; and against Digital Restrictions Management (DRM), software patents, and proprietary software.</p>
<p>Examples of job responsibilities include, but are not limited to:</p>
<ul>
<li>Planning and participating in online and physical actions to
achieve our campaign goals;<br />
</li>
<li>Setting specific goals for each action and then measuring our
success in achieving them;<br />
</li>
<li>Doing the writing and messaging work needed to effectively explain
our campaigns and motivate people to support them;<br />
</li>
<li>Overseeing or doing the graphic design work to make our campaigns
and their Web sites attractive;<br />
</li>
<li>Supporting and attending special events, including
community-building activities and our annual LibrePlanet conference;<br />
</li>
<li>Assisting with annual online and mail fundraising efforts;<br />
</li>
<li>Working with our tech team on the technology choices and
deployments -- especially of Web publication systems like Drupal
and Plone -- for our campaign sites; and</li>
<li>Being an approachable, humble, and friendly representative of the
FSF to our worldwide community of existing supporters and the
broader public, both in person and online.<br />
</li>
</ul>
<p>Ideal candidates have at least three to five years of work experience in online issue advocacy and free software; proficiency and comfort with professional writing and publications preferred. Because the FSF works globally and seeks to have our materials distributed in as many languages as possible, multilingual candidates will have an advantage. With our small staff of fourteen, each person makes a clear contribution. We work hard, but offer a humane and fun work environment at an office located in the heart of downtown Boston. The FSF is a mature but growing organization that provides great potential for advancement; existing staff get the first chance at any new job openings.</p>
<h2>Benefits and salary</h2>
<p>This job is a union position that must be worked on-site at the FSF's downtown Boston office. The salary is fixed at $63,253/year and is non-negotiable. Other benefits include:</p>
<ul>
<li>Full individual or family health coverage through Blue Cross/Blue Shield's HMO Blue program;<br />
</li>
<li>Subsidized dental plan;<br />
</li>
<li>Four weeks of paid vacation annually;<br />
</li>
<li>Seventeen paid holidays annually;<br />
</li>
<li>Weekly remote work allowance;<br />
</li>
<li>Public transit commuting cost reimbursement;<br />
</li>
<li>403(b) program through TIAA with employer match;<br />
</li>
<li>Yearly cost-of-living pay increases (based on government guidelines);<br />
</li>
<li>Healthcare expense reimbursement budget;<br />
</li>
<li>Ergonomic budget;<br />
</li>
<li>Relocation (to Boston area) expense reimbursement;<br />
</li>
<li>Conference travel and professional development opportunities; and</li>
<li>Potential for an annual performance bonus.</li>
</ul>
<h2>Application instructions</h2>
<p>Applications must be submitted via email to <a href="mailto:hiring@fsf.org">hiring@fsf.org</a>. The email must contain the subject line "Campaigns manager". A complete application should include:</p>
<ul>
<li>Cover letter, including a brief example of a time you motivated and organized others to take action on an issue important to you;<br />
</li>
<li>Resume;<br />
</li>
<li>Two recent writing samples;<br />
</li>
<li>Links to any talks you have given (optional); and<br />
</li>
<li>Graphic design samples (optional).</li>
</ul>
<p>All materials must be in a free format (such as plain text, PDF, or OpenDocument). Email submissions that do not follow these instructions will probably be overlooked. No phone calls, please.</p>
<p><strong>Applications will be reviewed on a rolling basis until the position is filled. To guarantee consideration, submit your application by Sunday, April 28th.</strong><br />
</p>
<p>The FSF is an equal opportunity employer and will not discriminate against any employee or application for employment on the basis of race, color, marital status, religion, age, sex, sexual orientation, national origin, handicap, or any other legally protected status recognized by federal, state or local law. We value diversity in our workplace. </p>
<h3>About the Free Software Foundation</h3>
<p>The Free Software Foundation, founded in 1985, is dedicated to promoting computer users' right to use, study, copy, modify, and redistribute computer programs. The FSF promotes the development and use of free (as in freedom) software -- particularly the GNU operating system and its GNU/Linux variants -- and free documentation for free software. The FSF also helps to spread awareness of the ethical and political issues of freedom in the use of software, and its Web sites, located at fsf.org and gnu.org, are an important source of information about GNU/Linux. Donations to support the FSF's work can be made at <a href="https://donate.fsf.org">https://donate.fsf.org</a>. We are based in Boston, MA, USA.</p>
[fsf news] OpenStreetMap and Deborah Nicholson win 2018 FSF Awards
2019-03-24T00:30:00Z
<p><em>BOSTON, Massachusetts, USA -- Saturday, March 23, 2019 -- The Free
Software Foundation (FSF) recognizes <a href="https://www.openstreetmap.org/">OpenStreetMap</a> with the 2018
Free Software Award for Projects of Social Benefit and Deborah
Nicholson with the Award for the Advancement of Free Software. FSF
president Richard M. Stallman presented the awards today in a yearly
ceremony during the LibrePlanet 2019 conference at the Massachusetts
Institute of Technology (MIT).</em></p>
<p>The <a href="https://www.fsf.org/awards/sb-award/">Award for Projects of Social Benefit</a> is presented to a
project or team responsible for applying free software, or the ideas
of the free software movement, to intentionally and significantly
benefit society. This award stresses the use of free software in
service to humanity.</p>
<p><img src="https://static.fsf.org/nosvn/libreplanet/2019/photos/free-software-awards/both.jpg" alt="Richard Stallman with Free Software Awards winners Deborah Nicholson and Kate Chapman" style="float: right; width: 250px; margin: 10px 0px 10px 10px;" /> </p>
<p>This year the FSF awarded OpenStreetMap and the award was accepted by
Kate Chapman, chairperson of the OpenStreetMap Foundation and
co-founder of the Humanitarian OpenStreetMap Team (HOT).</p>
<p>OpenStreetMap is a collaborative project to create a free editable map
of the world. Founded by Steve Coast in the UK in 2004, OpenStreetMap
is built by a community of over one million community members and has
found its application on thousands of Web sites, mobile apps, and
hardware devices. OpenStreetMap is the only truly global service
without restrictions on use or availability of map information.</p>
<p>Stallman emphasized the importance of OpenStreetMap in a time where
geotech and geo-thinking are highly prevalent. "It has been clear for
decades that map data are important. Therefore we need a free
collection of map data. The name OpenStreetMap doesn't say so
explicitly, but its map data is free. It is the free replacement that
the Free World needs."</p>
<p>Kate thanked the Free Software Foundation and the large community of
contributors of OpenStreetMap. "In 2004, much of the geospatial data
was either extraordinarily expensive or unavailable. Our strong
community of people committed to free and open map information has
changed that. Without the leadership before us from groups such as the
Free Software Foundation, we would not have been able to grow and
develop to the resource we are today."</p>
<p>The <a href="https://www.fsf.org/awards/fs-award">Award for the Advancement of Free Software</a> goes to an
individual who has made a great contribution to the progress and
development of free software through activities that accord with the
spirit of free software.</p>
<p><img src="https://static.fsf.org/nosvn/libreplanet/2019/photos/free-software-awards/deb.jpg" alt="Richard Stallman presenting Free Software Award to Deborah Nicholson" style="float: right; width: 250px; margin: 10px 0px 10px 10px;" /> </p>
<p>This year it was presented to Deborah Nicholson, who, motivated by the
intersection of technology and social justice, advocates access to
political information, unfettered freedom of speech and assembly, and
civil liberties in our increasingly digital world. She joined the free
software movement in 2006 after years of local organizing for free
speech, marriage equality, government transparency and access to the
political process. The Free Software Foundation recognizes her as an
exceptional opinion leader, activist and community advocate.</p>
<p>Deborah is the director of community operations at the <a href="https://sfconservancy.org">Software
Freedom Conservancy</a>, where she supports the work of its member
organizations and facilitates collaboration with the wider free
software community. She has served as the membership coordinator for
the <a href="https://www.fsf.org">Free Software Foundation</a>, where she created the Women's
Caucus to increase recruitment and retention of women in the free
software community. She has been widely recognized for her volunteer
work with <a href="https://mediagoblin.org/">GNU MediaGoblin</a>, a federated media-publishing platform,
and <a href="https://blog.openhatch.org/2017/celebrating-our-successes-and-winding-down-as-an-organization/">OpenHatch</a>, free software's welcoming committee. She continues
her work as a founding organizer of the <a href="http://seagl.org/">Seattle GNU/Linux
Conference</a>, an annual event dedicated to surfacing new voices and
welcoming new people to the free software community.</p>
<p>Stallman praised her body of work and her unremitting and widespread
contributions to the free software community. "Deborah continuously
reaches out to, and engages, new audiences with her message on the
need for free software in any version of the future."</p>
<p>Deborah continued: "Free software is critically important for
autonomy, privacy and a healthy democracy -- but it can't achieve that
if it is only accessible for some, or if it is alienating for large
swathes of people. That's why it's so important that we continue
surfacing new voices, making room for non-coders and welcoming new
contributors into the free software community. I also find that in
addition to helping us build a better, bigger movement, the work of
welcoming is extremely rewarding."</p>
<p>Nominations for both awards are submitted by members of the public,
then evaluated by an award committee composed of previous winners and
FSF founder and president Richard Stallman.</p>
<p>More information about both awards, including the full list of
previous winners, can be found at <a href="https://www.fsf.org/awards">https://www.fsf.org/awards</a>.</p>
<h1><em>About the Free Software Foundation</em></h1>
<p>The Free Software Foundation, founded in 1985, is dedicated to
promoting computer users' right to use, study, copy, modify, and
redistribute computer programs. The FSF promotes the development and
use of free (as in freedom) software -- particularly the GNU operating
system and its GNU/Linux variants -- and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://fsf.org">https://fsf.org</a> and <a href="https://gnu.org">https://gnu.org</a>, are an important
source of information about GNU/Linux. Donations to support the FSF's
work can be made at <a href="https://my.fsf.org/donate">https://my.fsf.org/donate</a>. Its headquarters are
in Boston, MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
<h1><em>Media Contacts</em></h1>
<p>John Sullivan <br />
Executive Director <br />
Free Software Foundation <br />
+1 (617) 542 5942 <br />
<a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a></p>
<p><em>Photo credits: Copyright © 2019 Madi Muhlberg, photos licensed under CC-BY 4.0.</em></p>
[fsf news] Seven new devices from ThinkPenguin, Inc. now FSF-certified to Respect Your Freedom
2019-03-21T21:45:08Z
<p>BOSTON, Massachusetts, USA -- Thursday, March 21st, 2019 -- The Free Software Foundation (FSF) today awarded Respects Your Freedom (RYF)
certification to seven devices from ThinkPenguin, Inc.: The Penguin Wireless G USB Adapter (TPE-G54USB2), the Penguin USB Desktop Microphone for GNU / Linux (TPE-USBMIC), the Penguin Wireless N Dual-Band PCIe Card (TPE-N300PCIED2), the PCIe Gigabit Ethernet Card Dual Port (TPE-1000MPCIE), the PCI Gigabit Ethernet Card (TPE-1000MPCI), the Penguin 10/100 USB Ethernet Network Adapter v1 (TPE-100NET1), and the Penguin 10/100 USB Ethernet Network Adapter v2 (TPE-100NET2). The RYF certification mark means that these products meet the FSF's standards in regard to users' freedom, control over the product, and privacy.</p>
<img src="https://static.fsf.org/nosvn/ryf/TPE-N300PCIED2_2.jpg" alt="TPE-N300PCIED2_2" height="250" width="250" />
<p>These are not the first devices from ThinkPenguin to receive <a href="https://www.fsf.org/ryf">RYF certification</a>. This fresh batch joins four previously certified devices in the ThinkPenguin lineup. With these additions, ThinkPenguin becomes one of the largest retailers of RYF-certified devices.</p>
<p>"I'm excited about this announcement, because this collection of devices includes some for which there previously was no certified option. These certifications get us closer to our goal of making sure there is a certified device in each product category, to meet all users' needs," said the FSF's executive director, John Sullivan.</p>
<p>Today's certification broadly expands the availability of RYF-certified peripheral devices. The <a href="https://www.thinkpenguin.com/gnu-linux/penguin-wireless-g-usb-adapter">Penguin Wireless G USB Adapter</a> and <a href="https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-dual-band-pcie-card-gnu-linux-tpe-n300pcied23-w-full-low-profile-bracke">Penguin Wireless N Dual-Band PCIe Card</a> enable wireless network connectivity. The <a href="https://www.thinkpenguin.com/gnu-linux/pcie-gigabit-ethernet-card-dual-port-w-full-lowprofile-brackets-tpe-1000mpcie">PCIe Gigabit Ethernet Card Dual Port</a>, <a href="https://www.thinkpenguin.com/gnu-linux/pci-gigabit-ethernet-card-w-full-lowprofile-brackets-tpe-1000mpci">PCI Gigabit Ethernet Card</a>, <a href="https://fsf.org">Penguin 10/100 USB Ethernet Network Adapter v1</a>, and <a href="https://fsf.org">Penguin 10/100 USB Ethernet Network Adapter v2</a> provide a direct Ethernet connection. Finally, the <a href="https://www.thinkpenguin.com/gnu-linux/penguin-usb-desktop-microphone-gnulinux">Penguin USB Desktop Microphone for GNU / Linux</a> helps users to connect to one another by providing a freedom-respecting microphone.</p>
<p>"I've always believed that the biggest difficulty for users in the free software world has been in obtaining compatible hardware, and so I'm glad to be participating in the expansion of the RYF program" said Christopher Waid, founder and CEO of ThinkPenguin.</p>
<p>ThinkPenguin, Inc. was one of the first companies to receive RYF certification, gaining their <a href="https://www.fsf.org/news/ryf-certification-thinkpenguin-usb-with-atheros-chip">first</a> and <a href="https://www.fsf.org/news/a-second-fsf-certified-device-from-thinkpenguin-long-range-usb-wifi-adapter-with-atheros-chip">second</a> certifications in 2013, and adding several more over the years since.</p>
<p>"ThinkPenguin has excelled for years in providing users with the tools they need to control their own computing. We are excited by these new additions today, and look forward to what they have in store for the future," said the FSF's licensing and compliance manager, Donald Robertson, III.</p>
<p>To learn more about the Respects Your Freedom certification program, including details on the certification of these ThinkPenguin devices, please visit <a href="https://fsf.org/ryf">https://fsf.org/ryf</a>.</p>
<p>Hardware sellers interested in applying for certification can consult <a href="https://www.fsf.org/resources/hw/endorsement/criteria">https://www.fsf.org/resources/hw/endorsement/criteria</a>.</p>
<h3>About the Free Software Foundation</h3>
<p>The <a href="https://fsf.org">Free Software Foundation</a>, founded in 1985, is dedicated to
promoting computer users' right to use, study, copy, modify, and
redistribute computer programs. The FSF promotes the development and
use of free (as in freedom) software -- particularly the GNU operating
system and its GNU/Linux variants -- and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://fsf.org">https://fsf.org</a> and <a href="https://gnu.org">https://gnu.org</a>, are an important
source of information about GNU/Linux. Donations to support the FSF's
work can be made at <a href="https://donate.fsf.org">https://donate.fsf.org</a>. Its headquarters are in
Boston, MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
<h3>About ThinkPenguin, Inc.</h3>
<p>Started by Christopher Waid, founder and CEO, ThinkPenguin, Inc., is a consumer-driven company with a mission to bring free software to the masses. At the core of company is a catalog of computers and accessories with broad support for GNU/Linux. The company provides technical support for end-users and works with the community, distributions, and upstream projects to make GNU/Linux all that it can be.</p>
<h3>Media Contacts</h3>
<p>Donald Robertson, III <br />
Licensing and Compliance Manager<br />
Free Software Foundation<br />
+1 (617) 542 5942<br />
<a href="mailto:licensing@fsf.org">licensing@fsf.org</a><br />
</p>
<p>ThinkPenguin, Inc. <br />
+1 (888) 39 THINK (84465) x703 <br />
<a href="mailto:media@thinkpenguin.com">media@thinkpenguin.com</a> <br />
</p>
<p><em>Image Copyright 2016 ThinkPenguin, Inc., licensed under <a href="https://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0</a>.</em></p>
[fsf news] Activists and experts gather in Cambridge for ethical tech conference to celebrate software freedom on March 23-24
2019-03-14T22:01:19Z
<p>CAMBRIDGE, Massachusetts, USA -- Thursday, March 14, 2019 -- Next
weekend, the Free Software Foundation (FSF) presents the eleventh annual
<a href="https://libreplanet.org/2019">LibrePlanet free software conference</a> in Cambridge, March
23-24, 2019, at the Stata Center at the Massachusetts Institute of Technology. LibrePlanet is an annual conference for
people who care about their digital freedoms, bringing together
software developers, policy experts, activists, and computer
users to learn skills, share accomplishments, and tackle
challenges facing the <a href="https://www.gnu.org/philosophy/free-sw.html">free software</a> movement, including 3D printing, cryptography, medical devices, privacy, security, and current issues in software licensing. LibrePlanet 2019 will focus on the exploration of software freedom and how to bring to life trailblazing, principled new technologies.</p>
<p>LibrePlanet 2019 will include <a href="https://www.fsf.org/blogs/community/announcing-keynote-speakers-for-libreplanet-and-dont-miss-your-chance-to-give-a-talk">four keynotes</a>. Tarek Loubani, an emergency physician, will talk about his work on making medical devices accessible through free designs that meet medical industry standards. Micky Metts, a member of the Agaric Design Collective, will talk about your collective and individual roles in maintaining your freedoms, with free software as the foundation. Bdale Garbee, longtime free software contributor and former Debian Project Leader, will tell us about the fun in free software, using personal anecdotes as examples. Richard Stallman, founder of the FSF and president of the board of directors, will discuss current issues facing user freedom, and announce the winners of the <a href="https://fsf.org/awards">2018 Free Software Foundation awards</a>.</p>
<p>"What makes LibrePlanet great is how it brings everyone from old hand activists to new free software enthusiasts from around the world to exchange ideas, collaborate, and take on challenges to software freedom,"
said John Sullivan, executive director of the FSF. "We run the event using entirely free software, putting our ideals into action. This conference builds the
software community, by offering opportunities for those who cannot
attend to participate remotely via watching a multi-channel
livestream and online voice and text conversations."</p>
<p>In addition to keynote presentations, LibrePlanet will include: <a href="https://libreplanet.org/2019/program">36 sessions</a>; a party and a hack night on Saturday; an exhibit hall with exciting free software projects, nonprofits, and companies; and community organized meetups. Sessions include such topics as "The Tor Project: State of the Onion," "Australia's decryption law and free software," "Free software in the 3D printing community," and the "The Right to Repair & the DMCA." There will be talks on activism, case studies, communities, licensing and legal issues, and technical issues.</p>
<p>Attendees may <a href="https://my.fsf.org/civicrm/event/info?id=79">register online</a> until Tuesday, March 19 at 10:00 EDT, after which point they can register onsite at the conference, space permitting. Attendance is gratis for students and FSF members. Journalists interested in press passes should contact <a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a>.</p>
<p>LibrePlanet is financially supported in part by Red Hat and Private Internet Access.</p>
<h3>About LibrePlanet</h3>
<p>LibrePlanet is the annual conference of the Free Software
Foundation. What was once a small gathering of FSF
members has grown into a larger event for anyone with an interest
in the values of software freedom. LibrePlanet is always gratis
for <a href="https://my.fsf.org/join">associate members</a> of the FSF and students. Sign up for
announcements about the LibrePlanet conference <a href="https://my.fsf.org/civicrm/profile/create?gid=285&reset=1">here</a>.</p>
<p><a href="https://libreplanet.org/2018/">LibrePlanet 2018</a> was held at MIT from March 24-25,
2018. About 350 attendees from all over the world came together
for conversations, workshops, and keynotes centered around
the theme of "Freedom Embedded." You can watch videos from
past conferences at <a href="https://media.libreplanet.org">https://media.libreplanet.org</a>, including
keynotes by <a href="https://media.libreplanet.org/u/libreplanet/m/free-software-forever-with-slides/">Deb Nicholson</a>, <a href="https://media.libreplanet.org/u/libreplanet/m/incompossibilities-ubiquitous-engineering-tradeoffs/">Seth Schoen</a>, and <a href="https://media.libreplanet.org/u/libreplanet/m/free-software-and-the-shifting-landscape-of-online-cooperation/">Benjamin Mako Hill</a>.</p>
<h3>About the Free Software Foundation</h3>
<p>The FSF, founded in 1985, is dedicated to promoting computer
users' right to use, study, copy, modify, and redistribute
computer programs. The FSF promotes the development and use of
free (as in freedom) software -- particularly the GNU operating
system and its GNU/Linux variants -- and free documentation for
free software. The FSF also helps to spread awareness of the
ethical and political issues of freedom in the use of software,
and its Web sites, located at <a href="https://fsf.org">https://fsf.org</a> and
<a href="https://gnu.org">https://gnu.org</a>, are an important source of information about
GNU/Linux. Donations to support the FSF's work can be made at
<a href="https://donate.fsf.org">https://donate.fsf.org</a>. Its headquarters are in Boston, MA,
USA.</p>
<p>More information about the FSF, as well as important information
for journalists and publishers, is at
<a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
<h3>Media Contact</h3>
<p>Molly de Blanc<br />
Campaigns Manager<br />
Free Software Foundation<br />
+1 (617) 542 5942<br />
<a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a></p>
[fsf news] FSF Fiscal Year 2017 Annual Report now available
2019-02-11T20:25:00Z
<p>The report is viewable as a <a href="https://www.fsf.org/annual-reports/fy2017/">Web site</a> or <a href="https://www.fsf.org/annual-reports/fy2017/print-fsf-fy2017.pdf">high resolution PDF</a>.</p>
<p>The Annual Report reviews the FSF's activities,
accomplishments, and financial picture from October 1, 2016 to
September 30, 2017. It is the result of a full external financial
audit, along with a focused study of program results. It examines the
impact of the FSF's events, programs, and activities, including the
<a href="https://libreplanet.org/2017/">annual LibrePlanet conference</a>, the <a href="https://www.fsf.org/resources/hw/endorsement/respects-your-freedom">Respects Your Freedom (RYF)
hardware certification program</a>, and the fight against <a href="https://www.defectivebydesign.org/blog/day_against_drm_rocked_lets_keep_pressure_netflix">Digital
Restrictions Management (DRM)</a>.</p>
<p>"Software filters the information we receive about the world, the
messages we put out into the world, and even the way we physically
move in the world," said FSF executive director John Sullivan in his
introduction to the FY2017 report. "If the software is not free 'as in
freedom'... the consequences for the rest of us will be loss of
democracy, privacy, security, freedom of speech, freedom of movement
-- and even loss of life."</p>
<p>The FSF publishes its financials and annual report as part of
their commitment to transparency. Along with its strong financial
health, accountability and transparency are the reasons the FSF is a
<a href="https://www.charitynavigator.org/index.cfm?bay=search.summary&orgid=8557">Charity Navigator Four Star Charity.</a></p>
<p>As with all of the Foundation's activities, the Annual Report was made
using free software, including Pelican, Scribus, GIMP, and Inkscape,
along with freely licensed fonts and images. If you would like a
printed copy of the Annual Report, or have any questions or comments,
please email <a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a>.</p>
<h3>About the Free Software Foundation</h3>
<p>The Free Software Foundation, founded in 1985, is dedicated to
promoting computer users' right to run, change, share, and contribute
to computer programs. The FSF promotes the development and use of free
(as in freedom) software -- particularly the GNU operating system and
its GNU/Linux variants -- and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://fsf.org">https://fsf.org</a> and <a href="https://gnu.org">https://gnu.org</a>, are an important
source of information about GNU/Linux. Donations to support the FSF's
work can be made at <a href="https://donate.fsf.org">https://donate.fsf.org</a>. Its headquarters are in
Boston, MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
<h3>Media Contact</h3>
<p>Molly de Blanc<br />
Campaigns Manager<br />
Free Software Foundation<br />
+1 (617) 542 5942<br />
<a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a></p>
[fsf news] Vikings D8 Mainboard and D8 Workstation now FSF-certified to Respect Your Freedom
2019-02-07T21:25:00Z
<div style="float: right; width: 250px; margin: 10px 0px 10px 10px; padding: 4px; background-color: #EEEEEE; text-align: center; font-size: 75%;">
<img alt="D8 workstation Image" src="https://static.fsf.org/nosvn/images/D8_frontleft.jpg" width="250" /></div>
<p>These are the fourth and fifth devices from <a href="https://store.vikings.net/">Vikings</a> to
receive <a href="https://www.fsf.org/ryf">RYF certification</a>. The Vikings D8 Mainboard is an ASUS
KCMA-D8 that comes with <a href="https://trisquel.info/">Trisquel GNU/Linux</a>. Like the previously
certified <a href="https://store.vikings.net/libre-friendly-hardware/d16-ryf-certfied">Vikings D16</a>, it is a powerful mainboard suitable for
use as a workstation or server. The Vikings D8 Workstation brings the
D8 Mainboard together with a variety of options to provide a robust
workstation for users. Both are available for purchase at
<a href="https://store.vikings.net">https://store.vikings.net</a>.</p>
<p>"The more options users have for RYF-certified mainboards, the easier
it is for them to build a machine that is completely under their
control. Having an already assembled workstation available as an
option is also a great improvement to the program. This is an area in
which we hope to see continued growth, so that every user can get what
they want when it comes to a server or workstation," said the FSF's
licensing and compliance manager, Donald Robertson, III.</p>
<p>Vikings received their <a href="https://www.fsf.org/news/three-devices-from-vikings-gmbh-now-fsf-certified-to-respect-your-freedom">first three certifications</a> in spring
of 2017, and has steadily worked to continue offering new
RYF-certifiable devices.</p>
<p>"When we announced the first certifications for Vikings we knew they
would be back soon with even more. Vikings is building an impressive
lineup of freedom-respecting hardware and we're excited to see the D8
Mainboard and Workstation as their latest additions," said the FSF's
executive director, John Sullivan.</p>
<p>"The Vikings Store is dedicated to helping users purchase ready to go,
libre-friendly systems. Together with the Free Software Foundation, we
have put a lot of effort into offering a high-performance,
owner-controllable system at an affordable price. This machine is
aimed at the security-conscious, as well as users who prefer a
computer that runs free software from the ground up as an ethical
choice. That is why we are pleased to see the Vikings D8 Workstation
receive RYF certification. We would like to thank Timothy Pearson of
Raptor Engineering, Inc. for their reverse engineering and porting
work which laid the very foundation for making this possible," said
Vikings CEO Thomas Umbach.</p>
<p>To learn more about the Respects Your Freedom certification program,
including details on the certification of the Vikings D8 Workstation
and Mainboard, please visit <a href="https://fsf.org/ryf">https://fsf.org/ryf</a>.</p>
<p>Hardware sellers interested in applying for certification can consult
<a href="https://www.fsf.org/resources/hw/endorsement/criteria">https://www.fsf.org/resources/hw/endorsement/criteria</a>.</p>
<h3>About the Free Software Foundation</h3>
<p>The <a href="https://fsf.org">Free Software Foundation</a>, founded in 1985, is dedicated to
promoting computer users' right to use, study, copy, modify, and
redistribute computer programs. The FSF promotes the development and
use of free (as in freedom) software -- particularly the GNU operating
system and its GNU/Linux variants -- and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://fsf.org">https://fsf.org</a> and <a href="https://gnu.org">https://gnu.org</a>, are an important
source of information about GNU/Linux. Donations to support the FSF's
work can be made at <a href="https://donate.fsf.org">https://donate.fsf.org</a>. Its headquarters are in
Boston, MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
<h3>About Vikings</h3>
<p><a href="https://store.vikings.net/">Vikings</a> ships libre-friendly hardware world-wide and has an
ever-growing number of FSF RYF certfified devices that truly respects
your freedom. Vikings is also the world's first libre-friendly hosting
company running on fully libre hosting software and a libre-friendly
and owner-controllable hardware platform. All services are based
on 100% libre software and are powered by 100% certified green
energy.</p>
<h3>Media Contacts</h3>
<p>Donald Robertson, III<br />
Licensing and Compliance Manager<br />
Free Software Foundation<br />
+1 (617) 542 5942<br />
<a href="mailto:licensing@fsf.org">licensing@fsf.org</a><br />
</p>
<p>Vikings GmbH <br />
Thomas Umbach <br />
+49 69 247 54 91 0 <br />
<a href="mailto:hello@vikings.net">hello@vikings.net</a> <br />
<a href="https://www.vikings.net/">https://www.vikings.net/</a> <br />
<a href="https://store.vikings.net/">https://store.vikings.net/</a> <br />
</p>
<p><em>Updated on February 11th, 2019, to correct some details.</em></p>
<p><em>Image by Vikings GmbH is licensed under a <a href="https://creativecommons.org/publicdomain/zero/1.0/">CC0 1.0 Universal (CC0
1.0) Public Domain Dedication
license</a>.</em></p>
[fsf news] FSF adds Hyperbola GNU/Linux-libre to list of endorsed GNU/Linux distributions
2018-12-06T22:15:24Z
<div style="float: right; width: 250px; margin: 10px 0px 10px 10px; padding: 4px; background-color: #EEEEEE; text-align: center; font-size: 75%;">
<img alt="hyperbola logo" src="https://static.fsf.org/nosvn/images/hyperbola_logo.png" width="250" /></div>
<p><a href="https://www.gnu.org/distros/free-distros.html">The FSF's list</a> showcases GNU/Linux operating system distributions
whose developers have made a commitment to follow its <a href="https://www.gnu.org/distros/free-system-distribution-guidelines.html">Guidelines for
Free System Distributions</a>. Each one includes and endorses
exclusively free "as in freedom" software.</p>
<p>After a thorough vetting process, the FSF concluded that
<a href="https://www.hyperbola.info/">Hyperbola</a>, a long-term support simplicity-focused distribution
based on Arch GNU/Linux, meets these criteria.</p>
<p>"In a world where proprietary operating systems continually up the
ante in terms of the abuse they heap on their users, adding another
distribution to the list of fully free systems is a welcome
development. Hyperbola represents another safe home for users looking
for complete control over their own computing," said John Sullivan,
FSF's executive director.</p>
<p>"Hyperbola is a fully free distribution based on Arch snapshots and
Debian development without nonfree software, documentation, or any
type of support for the installation or execution of nonfree
software. Unlike Arch, which is a rolling release distribution,
Hyperbola is a long-term one focused on stability and security
inspired from Debian and Devuan," said André Silva, Hyperbola
co-founder and developer.</p>
<p>FSF's licensing and compliance manager, Donald Robertson, added, "It
was a pleasure working with the team behind Hyperbola throughout this
process. They really go above and beyond in terms of looking out for
the rights of their users. "</p>
<p>Hyperbola joins a growing list of distributions that users can
trust. More information about Hyperbola, and how volunteers can get
involved, is available at <a href="https://www.hyperbola.info/">https://www.hyperbola.info/</a>.</p>
<h1>About the Free Software Foundation</h1>
<p>The Free Software Foundation, founded in 1985, is dedicated to
promoting computer users' right to run, edit, share, and contribute to
computer programs. The FSF promotes the development and use of free
(as in freedom) software -- particularly the GNU operating system and
its GNU/Linux variants -- and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://fsf.org">https://fsf.org</a> and <a href="https://gnu.org">https://gnu.org</a>, are an important
source of information about GNU/Linux. Donations to support the FSF's
work can be made at <a href="https://donate.fsf.org">https://donate.fsf.org</a>. Its headquarters are in
Boston, MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
<h1>About the GNU Operating System and Linux</h1>
<p>Richard Stallman announced in September 1983 the plan to develop a
free software Unix-like operating system called GNU. GNU is the only
operating system developed specifically for the sake of users'
freedom. See <a href="https://www.gnu.org/gnu/the-gnu-project.html">https://www.gnu.org/gnu/the-gnu-project.html</a>.</p>
<p>In 1992, the essential components of GNU were complete, except for
one, the kernel. When in 1992 the kernel Linux was re-released under
the GNU GPL, making it free software, the combination of GNU and Linux
formed a complete free operating system, which made it possible for
the first time to run a PC without nonfree software. This combination
is the GNU/Linux system. For more explanation, see
<a href="https://www.gnu.org/gnu/gnu-linux-faq.html">https://www.gnu.org/gnu/gnu-linux-faq.html</a>.</p>
<h1>Media Contacts</h1>
<p>Donald Robertson, III<br />
Licensing & Compliance Manager<br />
Free Software Foundation<br />
+1 (617) 542 5942<br />
<a href="mailto:licensing@fsf.org">licensing@fsf.org</a></p>
<p><em>Hyperbola GNU/Linux-libre logo, Copyright 2017-2018 Hyperbola Project released under the <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC-BY-SA 4.0 license</a>.</em></p>
[fsf news] Free Software Foundation receives $1 million from Handshake
2018-12-03T19:10:00Z
<p>BOSTON, Massachusetts, USA -- Monday, December 3rd, 2018 -- The Free
Software Foundation (FSF) announced it has received several earmarked
charitable donations from <a href="https://handshake.org">Handshake</a>, an organization developing
an experimental peer-to-peer root domain naming system, totaling $1
million. These gifts will support the FSF's organizational capacity,
including its advocacy, education, and licensing initiatives, as well
as specific projects fiscally sponsored by the FSF.</p>
<p>John Sullivan, FSF's executive director, said, "Building on the $1
million Bitcoin gift from the <a href="https://www.fsf.org/news/free-software-foundation-receives-1-million-donation-from-pineapple-fund">Pineapple Fund</a> earlier this year,
and our record high number of individual associate members, it is
clear that software freedom is more important than ever to the world.
We are now at a pivotal moment in our history, on the cusp of making
free software the 'kitchen table issue' it must be. Thanks to
Handshake and our members, the Free Software Foundation looks forward
to scaling to the next level of free software activism, development,
and community."</p>
<p>Rob Myers of Handshake said, "The FSF is a worldwide leader in the
fight to protect the rights of all computer users through its support
for the production of free software, including the <a href="https://www.gnu.org/">GNU operating
system</a> and its campaigns to raise awareness such as <a href="https://www.defectivebydesign.org/">Defective by
Design</a>. Handshake is proud to be able to support the FSF in its
important work to secure our freedom."</p>
<p>These significant contributions from Handshake will fuel the FSF's
efforts with activists, developers, and lawyers around the world.
They include:</p>
<ul>
<li>
<p>$400,000 for the FSF's organizational capacity, publications,
licensing, and activist initiatives;</p>
</li>
<li>
<p>$200,000 for <a href="https://replicant.us">Replicant</a>, the fully free mobile operating system
based on Android;</p>
</li>
<li>
<p>$100,000 for <a href="https://gnu.org/software/guix">GNU Guix and GuixSD</a>, a package manager supporting
transactional upgrades and roll-backs, unprivileged package
management, per-user profiles, and more, as well as a distribution
of the GNU operating system using that package manager;</p>
</li>
<li>
<p>$100,000 for <a href="https://gnu.org/software/octave">GNU Octave</a>, a high-level language, primarily
intended for numerical computations;</p>
</li>
<li>
<p>$100,000 to help the GNU Project address important threats like
<a href="https://gnu.org/philosophy/javascript-trap">nonfree JavaScript</a>; and</p>
</li>
<li>
<p>$100,000 for the <a href="https://my.fsf.org/civicrm/contribute/transact?reset=1&id=57">GNU Toolchain</a>, which provides the foundational
software components of the GNU/Linux system and the Internet.</p>
</li>
</ul>
<p>Replicant developer Denis "GNUtoo" Carikli said, "So far, Replicant
development has been driven by very few individuals contributing to it
in their free time. Donations have been used to enable Replicant
developers to buy new devices to port Replicant on, and to enable new
Replicant developers to work on already-supported devices. They were
also used to enable developers to attend conferences to promote
Replicant and try to find new contributors. The kind of amount we
received will enable Replicant to fund development, first to fix the
most critical bugs, and then to upstream most of its code, making it
more sustainable, and also enabling other projects to reuse
Replicant's work to improve users' freedom."</p>
<p>Guix developer and project committee member Ricardo Wurmus said, "This
donation allows the GNU Guix project to guarantee its independence,
invest in hardware, and develop new features to benefit all our users.
We'll be able to grow the performance and reliability of our existing
infrastructure. We also envision better support for new and liberating
architectures, and more resilient long-term storage of binaries and
source code. It will also allow us to continue our outreach efforts
and attract new interns to further improve and promote the project."</p>
<p>John W. Eaton, original author and primary maintainer of GNU Octave,
said, "We are grateful for such a generous donation. It is by far the
single largest monetary contribution we have ever received, and we
thank Handshake for including Octave in this select group. We have
only begun to imagine how these funds might impact Octave, but given
the size of the gift, we intend something transformational and
previously impossible."</p>
<p>David Edelsohn, founding GCC Steering Committee member and GNU
Toolchain Fund trustee, said "We are incredibly gratified by the
confidence in and support for the GNU Toolchain demonstrated by this
donation. This donation will allow the project to greatly expand its
outreach to students and new developers. It allows us to move forward
on a number of fronts with confidence that we have the resources to
match our imagination."</p>
<h2>About the Free Software Foundation</h2>
<p>The Free Software Foundation, founded in 1985, is dedicated to
promoting computer users' right to run, change, share, and
contribute to computer programs. The FSF promotes the development and
use of free (as in freedom) software -- particularly the GNU operating
system and its GNU/Linux variants -- and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://fsf.org">https://fsf.org</a> and <a href="https://gnu.org">https://gnu.org</a>, are an important
source of information about GNU/Linux. Donations to support the FSF's
work can be made at <a href="https://donate.fsf.org">https://donate.fsf.org</a>. Its headquarters are in
Boston, MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
<h2>Media Contact</h2>
<p>John Sullivan<br />
Executive Director<br />
Free Software Foundation<br />
+1 (617) 542 5942<br />
<a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a></p>
[fsf news] FSF job opportunity: web developer
2018-11-09T19:25:00Z
<p>The Free Software Foundation (FSF), a Massachusetts 501(c)(3) charity
with a worldwide mission to protect computer user freedom, seeks a
motivated and talented Boston-based individual to be our full-time web
developer.</p>
<p>This position, reporting to the executive director, works closely with
our sysadmin team and chief technology officer to maintain and improve
the FSF's Web presence. The FSF uses several different free software
Web platforms in the course of our work, both internally and
externally. These platforms are critical to work supporting the GNU
Project, free software adoption, free media formats, and freedom on
the Internet; and to opposing bulk surveillance, Digital Restrictions
Management, software patents, and proprietary software.</p>
<p>We are looking for someone who is comfortable with keeping these
systems up-to-date and working, as well as customizing them when
necessary. While the main duties will relate to the backend systems,
frontend experience with templates, HTML, CSS, JavaScript, and design
tools will be a big plus. The web developer will help lead major
projects, such as the relaunch of <a href="https://www.fsf.org">https://www.fsf.org</a> and migration
of <a href="https://audio-video.gnu.org">https://audio-video.gnu.org</a> to GNU MediaGoblin. They will also
be part of the team running the annual LibrePlanet conference, and contribute to decisions about which new platforms to use or which
existing ones to retire.</p>
<p>Examples of platforms maintained by the web developer include, but are
not limited to:</p>
<ul>
<li>CiviCRM</li>
<li>Drupal</li>
<li>MediaWiki</li>
<li>Plone / Zope</li>
<li>Ikiwiki</li>
<li>Request Tracker</li>
<li>Etherpad</li>
<li>CAS</li>
<li>GNU social</li>
<li>GNU MediaGoblin</li>
<li>Icecast</li>
</ul>
<p>Because the FSF works globally and seeks to have our materials
distributed in as many languages as possible, multilingual candidates
will have an advantage. With our small staff of fourteen, each person
makes a clear contribution. We work hard, but offer a humane and fun
work environment at an office located in the heart of downtown Boston.</p>
<p>The FSF is a mature but growing organization that provides great
potential for advancement; existing staff get the first chance at any
new job openings. This position is also a good starting point for
anyone who might be interested in other roles on our technical team in
the future.</p>
<h2>Benefits and salary</h2>
<p>This job is a union position that must be worked on-site at the FSF's
downtown Boston office. The salary is fixed at $53,269/year, and is
non-negotiable. Benefits include:</p>
<ul>
<li>fully subsidized individual or family health coverage through Blue Cross Blue Shield;<br />
</li>
<li>partially subsidized dental plan;</li>
<li>four weeks of paid vacation annually;<br />
</li>
<li>seventeen paid holidays annually;<br />
</li>
<li>weekly remote work allowance;<br />
</li>
<li>public transit commuting cost reimbursement;<br />
</li>
<li>403(b) program with employer match;<br />
</li>
<li>yearly cost-of-living pay increases based on government guidelines;<br />
</li>
<li>health care expense reimbursement;<br />
</li>
<li>ergonomic budget;<br />
</li>
<li>relocation (to Boston area) expense reimbursement;<br />
</li>
<li>conference travel and professional development opportunities; and<br />
</li>
<li>potential for an annual performance bonus.</li>
</ul>
<h2>Application instructions</h2>
<p>Applications must be submitted via email to <a href="mailto:hiring@fsf.org">hiring@fsf.org</a>. The
email must contain the subject line "web developer." A complete
application should include:</p>
<ul>
<li>resume;</li>
<li>cover letter; and</li>
<li>links to any previous work online.</li>
</ul>
<p>All materials must be in a free format. Email submissions that do not
follow these instructions will probably be overlooked. No phone calls
or paper applications, please.</p>
<p><strong>Applications will be reviewed on a rolling basis until the position is
filled. To guarantee consideration, submit your application by Friday,
November 30, 2018.</strong></p>
<p>The FSF is an equal opportunity employer and will not discriminate
against any employee or application for employment on the basis of
race, color, marital status, religion, age, sex, sexual orientation,
national origin, handicap, or any other legally protected status
recognized by federal, state or local law. We value diversity in our
workplace. Women, people of color and LGBTQ individuals are strongly
encouraged to apply.</p>
<h3>About the Free Software Foundation</h3>
<p>The Free Software Foundation, founded in 1985, is dedicated to
promoting computer users' right to use, study, copy, modify, and
redistribute computer programs. The FSF promotes the development and
use of free (as in freedom) software -- particularly the GNU operating
system and its GNU/Linux variants -- and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://www.fsf.org">https://www.fsf.org</a> and <a href="https://www.gnu.org">https://www.gnu.org</a>, are an important source of information
about GNU/Linux. Donations to support the FSF's work can be made at
<a href="https://donate.fsf.org">https://donate.fsf.org</a>. We are based in Boston, MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
[fsf news] Keynotes announced for LibrePlanet 2019 free software conference
2018-10-18T21:05:00Z
<p>BOSTON, Massachusetts, USA -- Thursday, October 18, 2018 -- The Free
Software Foundation (FSF) today announced all four keynote speakers
who will appear at the 11th annual LibrePlanet free software
conference, which will take place in the Boston area, March 23-24,
2019.</p>
<p>Keynote speakers for the 10th annual <a href="https://www.libreplanet.org/2019">LibrePlanet</a> conference will
include Debian Project contributor Bdale Garbee, free software
activist Micky Metts, physician Tarek Loubani, and FSF founder and
president Richard Stallman.</p>
<p>LibrePlanet is an annual conference for free software users and anyone
who cares about the intersection of technology and social justice. For
ten years, LibrePlanet has brought together thousands of diverse
voices and knowledge bases, including free software developers, policy
experts, activists, hackers, students, and people who have just begun
to learn about free software.</p>
<p>
<div style="float: right; width: 250px; margin: 10px 0px 10px 10px; padding: 4px; background-color: #EEEEEE; text-align: center; font-size: 75%;">
<img alt="Bdale Garbee" src="https://static.fsf.org/nosvn/libreplanet/2019/speaker-pics/bdale-cropped.jpg" width="250" />
</div>
</p>
<p>Bdale Garbee has contributed to the free software community since
1979. He was an early participant in the Debian Project, helped port
Debian GNU/Linux to five architectures, served as the Debian Project
Leader, then chairman of the Debian Technical Committee for nearly a
decade, and remains active in the Debian community. For a decade,
Bdale served as president of Software in the Public Interest. He also
served on the board of directors of the Linux Foundation, representing
individual affiliates and the developer community. Bdale currently
serves on the boards of the Freedombox Foundation, the Linux
Professional Institute, and Aleph Objects. He is also a member of the
Evaluations Committee at the Software Freedom Conservancy. In 2008,
Bdale became the first individual recipient of a Lutece d'Or award
from the Federation Nationale de l'Industrie du Logiciel Libre in
France.</p>
<p>
<div style="float: right; width: 250px; margin: 10px 0px 10px 10px; padding: 4px; background-color: #EEEEEE; text-align: center; font-size: 75%;">
<img alt="Micky Metts" src="https://static.fsf.org/nosvn/libreplanet/2019/speaker-pics/micky-cropped.jpg" width="250" />
</div>
</p>
<p>Micky Metts is an owner of Agaric, a worker-owned technology
cooperative. She is an activist hacker, industry organizer, public
speaker, connector, advisor, and visionary. Micky is a member of the
MayFirst People Link Leadership Committee, and is a liaison between
the Solidarity Economy Network (SEN) and the United States Federation
of Worker Cooperatives (USFWC), with an intention to bring communities
together. Micky is also a founding member of a cohort that is building
a new Boston public high school based in cooperative learning:
BoCoLab. She is a member of FSF.org and Drupal.org, a community based
in free software. She is a published author contributing to the book
<em>Ours to Hack and to Own</em>, one of the top technology books of 2017 in
<em>Wired</em> magazine.</p>
<p>
<div style="float: right; width: 250px; margin: 10px 0px 10px 10px; padding: 4px; background-color: #EEEEEE; text-align: center; font-size: 75%;">
<img alt="Tarek Loubani" src="https://static.fsf.org/nosvn/libreplanet/2019/speaker-pics/tarek-loubani-cropped.png" width="250" />
</div>
</p>
<p>Dr. Tarek Loubani is an emergency physician who works at the London
Health Sciences Centre in Canada and at Al Shifa Hospital in the Gaza
Strip. He is a fellow of the Shuttleworth Foundation, where he focuses
on free software medical devices. His organization, the Glia Project,
develops free/libre medical device designs for 3D printing, in an
effort to help medical systems such as Gaza's gain self-sufficiency
and local independence.</p>
<p>"This year's keynote speakers reflect the breadth of the free software
community and its impact," said FSF executive director John
Sullivan. "If you attend LibrePlanet or watch our free software-based
livestream, you will have the opportunity to hear from dedicated
contributors, activists, and people who saw an important need in our
world and met it using free software."</p>
<p>
<div style="float: right; width: 250px; margin: 10px 0px 10px 10px; padding: 4px; background-color: #EEEEEE; text-align: center; font-size: 75%;">
<img alt="Richard Stallman" src="https://static.fsf.org/nosvn/libreplanet/2019/speaker-pics/rms-cropped.jpg" width="250" />
</div>
</p>
<p>As he does each year, FSF president <a href="https://www.fsf.org/about/staff-and-board">Richard Stallman</a> will present
the <a href="https://www.fsf.org/awards">Free Software Awards</a> and discuss opportunities for, and
threats to, the free software movement. In 1983, Stallman launched the
free software movement, and he began developing the GNU operating
system (see <a href="https://www.gnu.org">https://www.gnu.org</a>) the following year. GNU is free
software: anyone may copy it and redistribute it, with or without
modifications. GNU/Linux (the GNU operating system used in
combination with the kernel Linux) is used on tens of millions of
computers today. Stallman has received the ACM Grace Hopper Award, a
MacArthur Foundation fellowship, the Electronic Frontier Foundation's
Pioneer Award, and the Takeda Award for Social/Economic Betterment, as
well as several doctorates honoris causa, and has been inducted into
the Internet Hall of Fame.</p>
<p>The <a href="https://my.fsf.org/node/20/">call for proposals</a> is open until October 26, 2018. <a href="https://my.fsf.org/civicrm/event/info?id=79&reset=1">General
registration</a> and <a href="https://my.fsf.org/civicrm/event/info?id=80&reset=1">exhibitor and sponsor registration</a> are also
open.</p>
<h3>About LibrePlanet</h3>
<p>LibrePlanet is the annual conference of the Free Software
Foundation. Over the last decade, LibrePlanet has blossomed from a
small gathering of FSF members into a vibrant multi-day event that
attracts a broad audience of people who are interested in the values
of software freedom. To sign up for announcements about LibrePlanet
2019, visit <a href="https://www.libreplanet.org/2019">https://www.libreplanet.org/2019</a>.</p>
<p>Each year at LibrePlanet, the FSF presents its annual Free Software
Awards. <a href="https://www.fsf.org/awards">Nominations for the awards</a> are open through Sunday,
November 4th, 2018 at 23:59 UTC.</p>
<p>For information on how your company can <a href="https://www.libreplanet.org/2019/sponsors">sponsor LibrePlanet or have a
table in our exhibit hall</a>, email <a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a>.</p>
<p><a href="https://www.libreplanet.org/2018">LibrePlanet 2018</a> was held at MIT from March 24-25, 2018. Nearly
350 attendees came together from across the world for workshops and
talks centered around the theme of "Freedom Embedded." You can <a href="https://media.libreplanet.org/u/libreplanet/tag/libreplanet-2018-video/">watch
videos from last year's conference</a>, including the opening keynote,
an exploration of the <a href="https://media.libreplanet.org/u/libreplanet/m/free-software-forever-with-slides/">potential for the free software community to
last forever</a> by maintaining its ideals while also welcoming
newcomers, by Deb Nicholson, who is now director of community
operations for the Software Freedom Conservancy.</p>
<h3>About the Free Software Foundation</h3>
<p>The Free Software Foundation, founded in 1985, is dedicated to
promoting computer users' right to use, study, copy, modify, and
redistribute computer programs. The FSF promotes the development and
use of free (as in freedom) software -- particularly the GNU operating
system and its GNU/Linux variants -- and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://www.fsf.org">https://www.fsf.org</a> and <a href="https://www.gnu.org">https://www.gnu.org</a>, are an important source of
information about GNU/Linux. Donations to support the FSF's work can
be made at <a href="https://donate.fsf.org">https://donate.fsf.org</a>. Its headquarters are in Boston,
MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
<h3>Media Contacts</h3>
<p>Molly de Blanc<br />
Campaigns Manager<br />
Free Software Foundation<br />
+1 (617) 542-5942<br />
campaigns@fsf.org</p>
<p><em>Photo of Richard Stallman by by Adte.ca. This image is licensed under a <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a> license.</em>
<em>Photo of Tarek Loubani by Tarek Loubani. This image is licensed under a <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a> license.</em>
<em>Photo of Bdale Garbee by Karen Garbee. This image is licensed under a <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a> license.</em>
<em>Photo of Micky Metts by Micky Metts. This image is licensed under a <a href="https://creativecommons.org/licenses/by/4.0/">CC BY 4.0</a> license.</em></p>
[fsf news] FSF statement on Microsoft joining the Open Invention Network
2018-10-11T03:13:55Z
<p>Microsoft's announcements on October 4th and 10th, that it has joined
both <a href="https://techcrunch.com/2018/10/04/microsoft-joins-the-lot-network-to-help-fight-patent-trolls/">LOT</a> and the <a href="https://www.zdnet.com/article/microsoft-open-sources-its-entire-patent-portfolio/">Open Invention Network (OIN)</a>, are
significant steps in the right direction, potentially providing
respite from Microsoft's well-known extortion of billions of dollars
from free software redistributors.</p>
<p>These steps, though, do not by themselves fully address the problem of
computational idea patents, or even Microsoft's specific infringement
claims. They do <em>not</em> mean that Microsoft has dismantled or freely
licensed its entire patent portfolio. The agreements for both LOT and
OIN have substantial limitations and exclusions. <a href="https://lotnet.com/how-lot-works/">LOT</a> only deals
with the problem of patent trolling by non-practicing entities. OIN's
nonaggression agreement only covers a <a href="https://www.openinventionnetwork.com/joining-oin/linux-system/">defined list of free software
packages</a>, and any OIN member, including Microsoft, can withdraw
completely with thirty days notice.</p>
<p>With these limitations in mind, FSF welcomes the announcements, and
calls on Microsoft to take additional steps to continue the momentum
toward a complete resolution:</p>
<p>1) Make a clear, unambiguous statement that it has ceased all patent
infringement claims on the use of Linux in Android.</p>
<p>2) Work within OIN to expand the definition of what it calls the
"Linux System" so that the list of packages protected from patents
actually includes everything found in a GNU/Linux system. This
means, for example, removing the current arbitrary and very
intentional exclusions for packages in the area of multimedia -- one
of the primary patent minefields for free software. We suggest that
this definition include every package in Debian's default public
package repository.</p>
<p>3) Use the past patent royalties extorted from free software to fund
the effective abolition of <em>all</em> patents covering ideas in software.
This can be done by supporting grassroots efforts like the FSF's
<a href="http://endsoftpatents.org">End Software Patents</a> campaign, or by Microsoft directly urging
the US Congress to pass legislation <a href="https://www.gnu.org/philosophy/limit-patent-effect.html">excluding software from the
effects of patents</a>, or both. Without this, the threats can come
back with a future leadership change at Microsoft, or with changes
in OIN's own corporate structure and licensing arrangements. This is
also the best way for Microsoft to show that it does not intend to
use patents as a weapon against <em>any</em> free software, beyond just
that free software which is part of OIN's specific list.</p>
<p>The FSF appreciates what Microsoft joining OIN seems to signal about
its changing attitude toward computational idea patents. Taking these
three additional steps would remove all doubt and any potential for
backsliding. We look forward to future collaboration on fully
addressing the threat of patents to free software development and
computer user freedom.</p>
<p>The FSF will also continue to monitor the situation, for any signs
that Microsoft intends to still continue patent aggression, in ways
permitted by the terms of LOT and OIN. We encourage anyone who is a
target of such patent aggression by <a href="https://www.gnu.org/philosophy/microsoft.html">Microsoft</a> to contact us at
<a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a>.</p>
<h3>Media Contact</h3>
<p>John Sullivan<br />
Executive Director<br />
+1 (617) 542-5942<br />
<a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a> </p>
<h3>About the Free Software Foundation</h3>
<p>The Free Software Foundation, founded in 1985, is dedicated to
promoting computer users' right to use, study, copy, modify, and
redistribute computer programs. The FSF promotes the development and
use of free (as in freedom) software -- particularly the GNU operating
system and its GNU/Linux variants -- and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://fsf.org">https://fsf.org</a> and <a href="https://gnu.org">https://gnu.org</a>, are an important
source of information about GNU/Linux. Donations to support the FSF's
work can be made at <a href="https://donate.fsf.org">https://donate.fsf.org</a>. Its headquarters are in
Boston, MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
[fsf news] FSF job opportunity: program manager
2018-10-10T22:35:00Z
<p>The Free Software Foundation (FSF), a Massachusetts 501(c)(3) charity
with a worldwide mission to protect computer user freedom, seeks a
motivated and talented Boston-based individual to be our full-time
program manager.</p>
<p>Reporting to the executive director, the program manager co-leads our
campaigns team. This position develops and promotes longer-term
resources and advocacy programs related to increasing the use of free
software and expanding and advancing the free software movement. The
program manager plays a key role in external communications,
fundraising, member engagement, and special events.</p>
<p>Examples of job responsibilities include, but are not limited to:</p>
<ul>
<li>Lead the planning and successful implementation of most events, such as our annual <a href="https://libreplanet.org/conference">LibrePlanet conference</a>;</li>
<li>Develop and maintain longer-term free software resources, such as the <a href="https://www.fsf.org/campaigns/priority-projects">High Priority Projects list</a>;</li>
<li>Coordinate two annual fundraising appeals, including goal setting, strategy, and working with outside contractors;</li>
<li>Implement the FSF's communications and messaging strategy, including serving as a primary point of contact with press and the external public;</li>
<li>Write and edit for FSF blogs, external periodical publications, and both digital and print resources;</li>
<li>Assist with planning and execution of issue campaigns, working in concert with the campaigns manager;</li>
<li>Occasional conference travel and speaking as an FSF representative.</li>
</ul>
<p>Ideal candidates have at least three to five years of work experience
with project management, fundraising, events management, and nonprofit
program management. Proficiency, experience, and comfort with
professional writing and media relationships preferred. Because the
FSF works globally and seeks to have our materials distributed in as
many languages as possible, multilingual candidates will have an
advantage. With our small staff of fourteen, each person makes a
clear contribution. We work hard, but offer a humane and fun work
environment at an office located in the heart of downtown Boston. The
FSF is a mature but growing organization that provides great potential
for advancement; existing staff get the first chance at any new job
openings.</p>
<h2>Benefits and Salary</h2>
<p>This job is a union position that must be worked on-site at the FSF's
downtown Boston office. The salary is fixed at $61,672/year and is
non-negotiable. Other benefits include:</p>
<ul>
<li>Fully subsidized individual or family health coverage through Blue Cross Blue Shield;<br />
</li>
<li>Partially subsidized dental plan;<br />
</li>
<li>Four weeks of paid vacation annually; </li>
<li>Seventeen paid holidays annually; <br />
</li>
<li>Weekly remote work allowance; <br />
</li>
<li>Public transit commuting cost reimbursement;<br />
</li>
<li>403(b) program with employer match;<br />
</li>
<li>Yearly cost-of-living pay increases based on government guidelines;<br />
</li>
<li>Health care expense reimbursement;<br />
</li>
<li>Ergonomic budget;<br />
</li>
<li>Relocation (to Boston area) expense reimbursement;<br />
</li>
<li>Conference travel and professional development opportunities; and<br />
</li>
<li>Potential for an annual performance bonus.</li>
</ul>
<h2>Application Instructions</h2>
<p>Applications must be submitted via email to <a href="mailto:hiring@fsf.org">hiring@fsf.org</a>. The
email must contain the subject line "Program Manager." A complete
application should include:</p>
<ul>
<li>Cover letter</li>
<li>Resume</li>
<li>Two recent writing samples</li>
</ul>
<p>All materials must be in a free format. Email submissions that do not
follow these instructions will probably be overlooked. No phone calls,
please.</p>
<p><strong>Applications will be reviewed on a rolling basis until the position
is filled.</strong></p>
<p>The FSF is an equal opportunity employer and will not discriminate
against any employee or application for employment on the basis of
race, color, marital status, religion, age, sex, sexual orientation,
national origin, handicap, or any other legally protected status
recognized by federal, state or local law. We value diversity in our
workplace.</p>
<h3>About the Free Software Foundation</h3>
<p>The Free Software Foundation, founded in 1985, is dedicated to
promoting computer users' right to use, study, copy, modify, and
redistribute computer programs. The FSF promotes the development and
use of free (as in freedom) software — particularly the GNU operating
system and its GNU/Linux variants — and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://www.fsf.org">fsf.org</a> and <a href="https://www.gnu.org">gnu.org</a>, are an important source of information
about GNU/Linux. Donations to support the FSF's work can be made at
<a href="https://donate.fsf.org">https://donate.fsf.org</a>. We are based in Boston, MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
[fsf news] FSF takes international day of action for a Day Without DRM on September 18th
2018-09-17T16:55:00Z
<p>On Tuesday, September 18th, there will be two rallies in Boston – one
from 12:00pm - 2:00pm at the Boston Public Library at 700 Boylston
Street, and one from 6:00pm - 7:00pm in front of the Apple Store at
815 Boylston Street.</p>
<p>DRM is the practice of imposing technological restrictions that
control what users can do with digital media. DRM creates a damaged
good: it prevents you from doing what would be possible without
it. This concentrates control over production and distribution of
media, giving DRM peddlers the power to carry out massive digital
book-burnings and conduct large-scale surveillance over people's media
viewing habits.</p>
<p>Organized by the <a href="https://defectivebydesign.org">Defective by Design</a> team, IDAD has occurred
annually since 2006. Each year, participants take action through
protests, rallies, and the sharing of DRM-free media and
materials. Participating nonprofits, activist groups, and companies
from around the world include the Electronic Frontier Foundation, Open
Rights Group, Public Knowledge, The Document Foundation, and others
(for a complete list, see: <a href="https://dayagainstdrm.org">https://dayagainstdrm.org</a>). These groups
will share the message by writing about why DRM is harmful, organizing
events, and offering discounts on DRM-free media.</p>
<p>"DRM is a major problem for computer user freedom, artistic
expression, free speech, and media," said John Sullivan, executive
director of the FSF. "International Day Against DRM has allowed us to,
year after year, empower people to rise up together and in one voice
declare that DRM is harmful to everyone."</p>
<p>This year's theme is <em>A Day Without DRM</em> – the FSF invites people
around the world to avoid DRM for the day. DRM is lurking in many
electronic devices we use, both online and offline, and you'll find it
everywhere from media files to vehicles. Its impact is echoed in the
fight for the Right to Repair and the fight for the right to
investigate the software in medical devices. Examples of flagrant DRM
abuses include:</p>
<ul>
<li>
<p>In a classic example from 2009, Amazon remotely deleted thousands of
copies of George Orwell's <em>1984</em> from Kindle ebook readers. Given
this power, corporations like Amazon could fully disappear a book
from existence if they chose, committing a massive digital
book-burning. Amazon still has the power to do this, and has
remotely deleted at least one user's library since then.</p>
</li>
<li>
<p>A US law called the Digital Millennium Copyright Act (DMCA) makes it
illegal to remove DRM from media using widely-available online
tools. These policies have a chilling effect among security
researchers, those who wish to repair their devices, and anyone who
wants to understand how their technologies work.</p>
</li>
<li>
<p>Media companies including Netflix pressured the World Wide Web
Consortium to add DRM as a Web standard, normalizing DRM and giving
it the opportunity to become even more prevalent.</p>
</li>
</ul>
<p>DRM-supporting companies and device manufacturers claim it makes
technology and media more secure, enhances user experience, and
protects rights holders. In reality, the technologies behind DRM have
been used <a href="https://www.theregister.co.uk/2005/11/10/sony_drm_trojan/">as a vulnerability</a> since 2005 to attack end-users'
computer systems and devices. DRM limits what users can do with their
media: access is limited by the whims of rights holders. Rather than
protecting people who create media, it protects the interests of large
companies that aggregate media.</p>
<p>For a thorough overview of DRM abuses, please visit the <a href="https://www.defectivebydesign.org/faq">Defective by
Design FAQ</a>.</p>
<h2>About Defective by Design</h2>
<p>Defective by Design is an initiative of the Free Software
Foundation. It is a participatory and grassroots campaign exposing
DRM-encumbered devices and media for what they really are: Defective
by Design. It works together with activists and others to eliminate
DRM as a threat to innovation in media, reader privacy, and freedom
for computer users.</p>
<h2>About the Free Software Foundation</h2>
<p>The Free Software Foundation, founded in 1985, is dedicated to
promoting computer users' right to use, study, copy, modify, and
redistribute computer programs. The FSF promotes the development and
use of free (as in freedom) software –- particularly the GNU operating
system and its GNU/Linux variants –- and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://www.fsf.org">fsf.org</a> and
<a href="https://www.gnu.org">gnu.org</a>, are an important source of information
about GNU/Linux. Donations to support the FSF's work can be made at
<a href="https://donate.fsf.org">https://donate.fsf.org</a>. Its headquarters are in Boston, MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
<h2>Media Contacts</h2>
<p>Molly de Blanc<br />
Campaigns Manager<br />
Free Software Foundation<br />
+1 (617) 542 5942<br />
<a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a></p>
[fsf news] Eleventh annual LibrePlanet conference set for March 23-24, 2019
2018-09-05T16:55:00Z
<p>The <a href="https://my.fsf.org/node/20/">call for proposals</a> is open now,
until October 26, 2018. <a href="https://my.fsf.org/civicrm/event/info?id=79&reset=1">General registration</a> and <a href="https://my.fsf.org/civicrm/event/info?id=80&reset=1">exhibitor and
sponsor registration</a> are also open.</p>
<p><a href="https://www.libreplanet.org/2019">LibrePlanet</a> is an annual conference for free software users and
anyone who cares about the intersection of technology and social
justice. For a decade, LibrePlanet has brought together thousands of
diverse voices and knowledge bases, including free software
developers, policy experts, activists, hackers, students, and people
who have just begun to learn about free software.</p>
<p>LibrePlanet 2019 will feature sessions for all ages and experience
levels, including newcomers. Sharon Woods, general counsel for the
Defense Digital Service (US Department of Defense) said, “Last year
was my first LibrePlanet... I walked away a complete believer in free
software.” In just the last three years, over a thousand people from
around the world have attended LibrePlanet, with many more
participating online by watching the free software-powered livestream,
joining the conversation on IRC, or viewing nearly 40 hours of
archived video on <a href="https://media.libreplanet.org/">the FSF's GNU MediaGoblin instance</a>.</p>
<p>LibrePlanet 2019's theme is "Trailblazing Free Software." In 1983, the
free software movement was born with the announcement of the GNU
Project. FSF founder Richard Stallman saw the dangers of proprietary
code from the beginning: when code was kept secret from users, they
would be controlled by the technology they used, instead of vice
versa. In contrast, free software emphasized a community-oriented
philosophy of sharing code freely, enabling people to understand how
the programs they used worked, to build off of each other's code, to
pay it forward by sharing their own code, and to create useful
software that treated users fairly.</p>
<p>"Every year, ideas are introduced, discussed, and developed at
LibrePlanet that advance the free software movement and help
technology and associated law actually serve the people using them,"
said FSF executive director John Sullivan. "People will leave the next
edition doubly motivated to chart a path away from dependency on
unfree software companies like Facebook, Apple, Uber, and Microsoft,
and with new knowledge about tools to help them do so."</p>
<p>When he identified control over one's own computer as a requirement
for ethical, trustworthy computing, Stallman anticipated some of the
most toxic aspects of today's proprietary software-filled world,
including Digital Restrictions Management (DRM), bulk surveillance,
and <a href="https://www.gnu.org/philosophy/who-does-that-server-really-serve.html">Service as a Software Substitute (SaaSS)</a>. With a new and
growing generation of free software enthusiasts, we can take this
conference as an opportunity to discuss both the present and the
future of the free software movement. Using the Four Freedoms as a
litmus test for ethical computing, we ask, "How will free software
continue to bring to life trailblazing, principled new technologies
and new approaches to the world?"</p>
<h5>Call for Proposals</h5>
<p>LibrePlanet 2019's talks and hands-on workshops can be for developers,
young people, newcomers to free software, activists looking for
technology that aligns with their ideals, policymakers, hackers,
artists, and tinkerers. Potential talks should examine or utilize free
software, copyleft, and related issues.</p>
<p>"Each year, newcomers and longtime free software activists of all ages
surprise us with unique ideas they propose to explore at LibrePlanet,"
said Georgia Young, program manager at the FSF. "We are excited to see
what trailblazing talk and workshop possibilities people bring to the
conference for 2019."</p>
<p><em><a href="https://my.fsf.org/node/20/">Submissions to the call for proposals</a> are being accepted through
Friday, October 26, 2018 at 10:00 EDT (14:00 UTC).</em></p>
<h5>About LibrePlanet</h5>
<p>LibrePlanet is the annual conference of the Free Software
Foundation. Over the last decade, LibrePlanet has blossomed from a
small gathering of FSF members into a vibrant multi-day event that
attracts a broad audience of people who are interested in the values
of software freedom. To sign up for
announcements about LibrePlanet 2019, visit
<a href="https://www.libreplanet.org/2019">https://www.libreplanet.org/2019</a>.</p>
<p>Each year at LibrePlanet, the FSF presents its annual Free Software
Awards. <a href="https://www.fsf.org/awards/">Nominations for the awards</a> are open through Sunday,
November 4th, 2018 at 23:59 UTC.</p>
<p>For information on how your company can <a href="https://www.libreplanet.org/2019/sponsors">sponsor LibrePlanet or have a
table in our exhibit hall</a>, email <a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a>.</p>
<p><a href="https://www.libreplanet.org/2018">LibrePlanet 2018</a> was held at MIT from March 24-25, 2018. Nearly
350 attendees came together from across the world for workshops and
talks centered around the theme of "Freedom Embedded." You can <a href="https://media.libreplanet.org/u/libreplanet/tag/libreplanet-2018-video/">watch
videos from last year's conference</a>, including the opening keynote,
an exploration of <a href="https://media.libreplanet.org/u/libreplanet/m/free-software-forever-with-slides/">the potential for the free software community to
last forever</a> by maintaining its ideals while also welcoming
newcomers, by Deb Nicholson, who is now director of community
operations for the Software Freedom Conservancy.</p>
<h5>About the Free Software Foundation</h5>
<p>The Free Software Foundation, founded in 1985, is dedicated to
promoting computer users' right to use, study, copy, modify, and
redistribute computer programs. The FSF promotes the development and
use of free (as in freedom) software -- particularly the GNU operating
system and its GNU/Linux variants -- and free documentation for free
software. The FSF also helps to spread awareness of the ethical and
political issues of freedom in the use of software, and its Web sites,
located at <a href="https://www.fsf.org">fsf.org</a> and <a href="https://www.gnu.org">gnu.org</a>, are an important source of information about
GNU/Linux. Donations to support the FSF's work can be made at
<a href="https://donate.fsf.org">https://donate.fsf.org</a>. Its headquarters are in Boston, MA, USA.</p>
<p>More information about the FSF, as well as important information for
journalists and publishers, is at <a href="https://www.fsf.org/press">https://www.fsf.org/press</a>.</p>
<h5>Media Contacts</h5>
<p>Georgia Young<br />
Program Manager<br />
Free Software Foundation<br />
+1 (617) 542-5942<br />
<a href="mailto:campaigns@fsf.org">campaigns@fsf.org</a></p>
[fsf news] FSF job opportunity: Business operations manager
2018-08-09T20:40:00Z
<p>The Free Software Foundation (FSF), a Massachusetts 501(c)(3) charity with a worldwide mission to protect computer user freedom, seeks a motivated and talented Boston-based individual to be our full-time Business Operations Manager.</p>
<p>This position, reporting to the executive director, works as part of our operations team to ensure the organization's financial, human resources, and administrative functions run smoothly and in compliance with all legal and policy requirements. We are looking for a hands-on and detail-oriented professional who is comfortable working independently and with multiple teams, including some remote coworkers. Ideal candidates will be proactive and highly adaptable, with an aptitude for learning new tools and coming up with creative solutions. Applicants should have at least three years of experience with bookkeeping and nonprofit operations; human resources experience a plus. </p>
<p>Examples of job responsibilities include, but are not limited to:</p>
<ul>
<li>
<p>processing accounts receivable and payable, bank deposits, and monthly financial reconciliation,</p>
</li>
<li>
<p>preparing annual budget and regular financial reports for management, helping the organization maintain its fiscal health and excellent four-star rating on Charity Navigator,</p>
</li>
<li>
<p>assisting management with the annual audit,</p>
</li>
<li>
<p>working with the operations team to ensure that GNU Press (<a href="https://shop.fsf.org/">https://shop.fsf.org/</a>) continues to support fundraising efforts,</p>
</li>
<li>
<p>purchasing for operational and programmatic purposes,</p>
</li>
<li>
<p>coordinating ongoing vendor review,</p>
</li>
<li>
<p>administering the FSF's payroll and benefits programs,</p>
</li>
<li>
<p>providing administrative assistance to management during hiring, onboarding, and offboarding,</p>
</li>
<li>
<p>monitoring legal and regulatory landscape for changes that may impact the FSF, and</p>
</li>
<li>
<p>pitching in to help with organization-wide projects, like our major fundraising activities and annual LibrePlanet conference.</p>
</li>
</ul>
<p>Because the FSF works globally and seeks to have our materials distributed in as many languages as possible, multilingual candidates will have an advantage. With our small staff of thirteen, each person makes a clear contribution. We work hard, but offer a humane and fun work environment at an office located in the heart of downtown Boston. The FSF is a mature but growing organization that provides great potential for advancement; existing staff get the first chance at any new job openings.</p>
<h1>Benefits and Salary</h1>
<p>This job is a union position that must be worked on-site at the FSF's downtown Boston office. The salary is fixed at $61,672/year and is non-negotiable. Benefits include:</p>
<ul>
<li>fully subsidized individual or family health coverage through Blue Cross Blue Shield,<br />
</li>
<li>partially subsidized dental plan,<br />
</li>
<li>four weeks of paid vacation annually,<br />
</li>
<li>seventeen paid holidays annually,<br />
</li>
<li>weekly remote work allowance,<br />
</li>
<li>public transit commuting cost reimbursement,<br />
</li>
<li>403(b) program with employer match,<br />
</li>
<li>yearly cost-of-living pay increases based on government guidelines,<br />
</li>
<li>health care expense reimbursement,<br />
</li>
<li>ergonomic budget,<br />
</li>
<li>relocation (to Boston area) expense reimbursement,<br />
</li>
<li>conference travel and professional development opportunities, and<br />
</li>
<li>potential for an annual performance bonus.</li>
</ul>
<h1>Application Instructions</h1>
<p>Applications must be submitted via email to <a href="mailto:hiring@fsf.org">hiring@fsf.org</a>. The email must contain the subject line "Business Operations Manager." A complete application should include:</p>
<ul>
<li>cover letter,<br />
</li>
<li>resume, and<br />
</li>
<li>two recent references.</li>
</ul>
<p>All materials must be in a free format. Email submissions that do not follow these instructions will probably be overlooked. No phone calls, please.</p>
<p><strong>Applications will be reviewed on a rolling basis until the position is filled. To guarantee consideration, submit your application by October 14, 2018.</strong> </p>
<p>The FSF is an equal opportunity employer and will not discriminate against any employee or application for employment on the basis of race, color, marital status, religion, age, sex, sexual orientation, national origin, handicap, or any other legally protected status recognized by federal, state or local law. We value diversity in our workplace.</p>
<h1>About the Free Software Foundation</h1>
<p>The Free Software Foundation, founded in 1985, is dedicated to promoting computer users' right to use, study, copy, modify, and redistribute computer programs. The FSF promotes the development and use of free (as in freedom) software -- particularly the GNU operating system and its GNU/Linux variants -- and free documentation for free software. The FSF also helps to spread awareness of the ethical and political issues of freedom in the use of software, and its Web sites, located at fsf.org and gnu.org, are an important source of information about GNU/Linux. Donations to support the FSF's work can be made at <a href="https://donate.fsf.org">https://donate.fsf.org</a>. We are based in Boston, MA, USA.</p>
[lwn] Security updates for Wednesday
2019-05-01T17:06:10Z
ris
Security updates have been issued by <b>Fedora</b> (libmediainfo, php-horde-horde, and php-horde-turba), <b>SUSE</b> (hostinfo, supportutils, libjpeg-turbo, and openssl), and <b>Ubuntu</b> (dovecot, libpng1.6, and memcached).
[lwn] [$] The state of system observability with BPF
2019-05-01T05:08:18Z
corbet
The 2019 version of the Linux Storage, Filesystem, and Memory-Management
Summit opened with a plenary talk by Brendan Gregg on observing the state
of Linux systems using BPF. It is, he said, an exciting time; the
BPF-based "superpowers" being added to the kernel are growing in capability and
maturity. It is now possible to ask many questions about what is happening
in a production Linux system without the need for kernel modifications or
even basic debugging information.
[lwn] Fedora 30 released
2019-04-30T17:29:24Z
ris
Fedora Magazine has <a
href="https://fedoramagazine.org/announcing-fedora-30/">announced the
release</a> of Fedora 30. "<span>Fedora Editions are targeted outputs geared toward specific “showcase” uses. Since we first started using this concept in the Fedora 21 release, the needs of the community have continued to evolve. As part of Fedora 30, we’re combining cloud and server into the Fedora Server edition. We’re bringing in Fedora CoreOS to replace Fedora Atomic Host as our container-focused deliverable in the Fedora 30 timeframe — stay tuned for that. The Fedora Workstation edition continues to focus on delivering the latest in open source desktop tools.
Of course, we produce more than just the editions. Fedora Spins and Labs target a variety of audiences and use cases, including the Internet of Things. And, we haven’t forgotten our alternate architectures, ARM AArch64, Power, and S390x.</span>"
[lwn] Security updates for Tuesday
2019-04-30T17:23:59Z
ris
Security updates have been issued by <b>CentOS</b> (kernel, openwsman, and ovmf), <b>Debian</b> (gst-plugins-base1.0 and libvirt), <b>Fedora</b> (libX11, poppler, python-urllib3, samba, and wpewebkit), <b>openSUSE</b> (GraphicsMagick), <b>SUSE</b> (atftp, glibc, libssh2_org, and wpa_supplicant), and <b>Ubuntu</b> (wavpack).
[lwn] [$] ClearlyDefined: Putting license information in one place
2019-04-30T03:20:12Z
jake
<p>
Determining the license that any given package uses can be difficult, but it is
essential in order to properly comply with that license and, thus, the
developer's wishes. There
is an enormous amount of "open source" software available these days that
is not clearly licensed, which is where the <a
href="https://clearlydefined.io/about">ClearlyDefined project</a> comes
in. The project is collecting a curated list of packages,
source location, and license information; some of that collection can be
automated, but ClearlyDefined is targeting the community to provide
curation in the form of cleanups and additions.
[lwn] Apache Software Foundation moves to GitHub
2019-04-29T22:34:56Z
ris
The Apache Software Foundation (ASF) and GitHub have announced [<a
href="https://blogs.apache.org/foundation/entry/the-apache-software-foundation-expands">ASF</a>,
<a
href="https://github.blog/2019-04-29-apache-joins-github-community/">GitHub</a>]
that all ASF projects using Git have moved to GitHub and the ASF Git service has
been decommissioned. (Thanks to Paul Wise)
[lwn] Security updates for Monday
2019-04-29T17:29:40Z
ris
Security updates have been issued by <b>Arch Linux</b> (chromium, libpng, and openssh), <b>Debian</b> (checkstyle, evolution, gst-plugins-base0.10, gst-plugins-base1.0, imagemagick, libpng1.6, monit, and systemd), <b>Fedora</b> (aria2, php-symfony, php-symfony3, php-symfony4, and python-jinja2), <b>openSUSE</b> (ceph, libssh2_org, libvirt, php7, python3, samba, wget, and xerces-c), <b>Red Hat</b> (rh-python35-python), <b>Slackware</b> (bind), <b>SUSE</b> (libssh2_org), and <b>Ubuntu</b> (evince, gst-plugins-base0.10, gst-plugins-base1.0, and mysql-5.7).
[lwn] Kernel prepatch 5.1-rc7
2019-04-29T04:37:03Z
corbet
Linus has released the <a href="https://lwn.net/Articles/786994/">5.1-rc7</a> kernel
prepatch for testing. "<span>But it's all pretty tiny. Plus about 30% of
the patches are marked for stable, so on the whole it really does feel like
5.1 is on target for a regular release next weekend.</span>"
[lwn] A big set of stable kernel updates
2019-04-27T16:31:12Z
corbet
The
<a href="https://lwn.net/Articles/786952/">5.0.10</a>,
<a href="https://lwn.net/Articles/786953/">4.19.37</a>,
<a href="https://lwn.net/Articles/786954/">4.14.114</a>,
<a href="https://lwn.net/Articles/786955/">4.9.171</a>,
<a href="https://lwn.net/Articles/786956/">4.4.179</a>, and
<a href="https://lwn.net/Articles/786957/">3.18.139</a>
stable kernel updates have all been released; each contains a moderately
large set of important fixes.
[lwn] An eBPF overview, part 3: Walking up the software stack (Collabora blog)
2019-04-26T22:33:45Z
jake
Adrian Ratiu continues his <a href="https://lwn.net/Articles/786057/">series on eBPF</a> with <a href="https://www.collabora.com/news-and-blog/blog/2019/04/26/an-ebpf-overview-part-3-walking-up-the-software-stack/">part 3</a>, which looks at various ways to write and build eBPF programs. It starts by looking at using "restricted C" with the LLVM eBPF compiler, moves into looking at the BPF Compiler Collection (BCC), then bpftrace, and finally the IOVisor cloud-based eBPF tools.
"<span>Not everyone has kernel sources at hand, especially in production, and it's also a bad idea in general to tie eBPF-based tools to a specific kernel source revision. Designing and implementing the interactions between eBPF program's backends, frontends, loaders and data structures can be very complex, error-prone and time consuming, especially in C which is considered a dangerous low-level [language]. In addition to these risks developers are also in a constant danger of re-inventing the wheel for common problems, with endless design variations and implementations. To alleviate all these pains is why the BCC project exists: it provides an easy-to-use framework for writing, loading and running eBPF programs, by writing simple python or lua scripts in addition to the 'restricted C' as exemplified above.</span>"
[lwn] [$] Bounce buffers for untrusted devices
2019-04-26T17:26:01Z
corbet
The recently discovered <a href="https://lwn.net/Articles/782381/">vulnerability in
Thunderbolt</a> has restarted discussions about protecting the kernel
against untrusted, hotpluggable hardware. That vulnerability, known as <a
href="http://thunderclap.io/">Thunderclap</a>, allows a hostile external
device to exploit <a
href="https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit">Input-Output
Memory Management Unit (IOMMU)</a> mapping limitations and access system
memory it was not intended to. Thunderclap can be exploited by
USB-C-connected devices; while we have seen USB attacks in the past, this
vulnerability is different in that PCI devices, often considered as
trusted, can be a source of attacks too. One way of stopping those attacks
would be to make sure that the IOMMU is used correctly and restricts the device
to accessing the memory that was allocated for it. Lu Baolu has <a
href="https://lwn.net/ml/linux-kernel/20190327063506.32564-1-baolu.lu%40linux.intel.com/">posted
an implementation of that approach</a> in the form of bounce buffers for
untrusted devices.
[lwn] Security updates for Friday
2019-04-26T15:01:33Z
jake
Security updates have been issued by <b>Debian</b> (gpac and mercurial), <b>Fedora</b> (kernel-headers and kernel-tools), <b>openSUSE</b> (GraphicsMagick, kauth, lxc, lxcfs, python, qemu, and xmltooling), <b>SUSE</b> (freeradius-server, ImageMagick, libvirt, samba, and wireshark), and <b>Ubuntu</b> (bind9).
[lwn] The state of Linux graphic design tools in 2019 (Opensource.com)
2019-04-25T21:50:40Z
jake
Over at Opensource.com, Jason Brock <a href="https://opensource.com/article/19/4/linux-graphic-design-tools-professionals">tries out</a> Linux graphics tools, with an eye toward their ability to replace the proprietary tools he uses on a day-to-day basis. Overall, the tools held their own for a variety of tasks (e.g. logo and ad design, publication layout), though the lack of a certain type of tool brought the overall grade down to a B+: "<span>The lack of available wireframing and prototyping applications really brought down the average, but I'd still call it a successful exercise. As I mentioned at the beginning, design is a craft and it relies on collaboration. All of the tools I looked at—Inkscape, LibreDraw, GIMP, and Scribus—can run just as well on Windows or MacOS as they do on any Linux distribution. The ability to create robust artwork and share editable files with stakeholders and colleagues on the platform of their choice means that a serious argument could be made that these tools are even more versatile than their proprietary counterparts.</span>"
[lwn] [$] Some 5.1 development statistics
2019-04-25T18:38:43Z
corbet
The release of the <a href="https://lwn.net/Articles/786401/">5.1-rc6</a> kernel prepatch
on April 21 indicates that the 5.1 development cycle is getting close
to its conclusion. So naturally the time has come to put together some
statistics describing where the changes merged for 5.1 came from. It is,
for the most part, a fairly typical development cycle.
[lwn] Security updates for Thursday
2019-04-25T16:30:02Z
jake
Security updates have been issued by <b>Debian</b> (putty and systemd), <b>Fedora</b> (kernel, kernel-headers, and kernel-tools), <b>Gentoo</b> (ming and qemu), <b>openSUSE</b> (openexr and slurm), <b>SUSE</b> (ImageMagick, jasper, ntfs-3g_ntfsprogs, openssh, and webkit2gtk3), and <b>Ubuntu</b> (php5 and tcpflow).
[lwn] [$] LWN.net Weekly Edition for April 25, 2019
2019-04-25T02:07:29Z
corbet
The LWN.net Weekly Edition for April 25, 2019 is available.
[lwn] [$] Devuan, April Fools, and self-destruction
2019-04-24T23:57:03Z
jake
<p>
An April Fools joke that went sour seems to be at least the proximate cause
for a rather large upheaval in the <a
href="https://www.devuan.org/">Devuan</a> community.
For much of April 1 (or March 31 depending on time zone), the
Devuan web site looked like it had been taken
over by attackers, which was worrisome to many, but it was all a prank.
The joke was
clever, way over the top, unprofessional, or some combination of those,
depending on who is
describing it, but the incident and the threads on the devuan-dev mailing
list have led to rancor, resignations, calls for resignations, and more.
[lwn] Mozilla’s 2019 Internet Health Report
2019-04-24T19:24:09Z
ris
The Mozilla Blog <a
href="https://blog.mozilla.org/blog/2019/04/23/its-complicated-mozillas-2019-internet-health-report/">introduces</a>
Mozilla's <a href="https://internethealthreport.org/2019/">2019 Internet
Health Report</a>. "<span>In the Report’s three spotlight articles, we
unpack three big issues: One examines <a
href="https://internethealthreport.org/2019/lets-ask-more-of-ai/">the need
for better machine decision making</a> — that is, asking questions like
<i>Who designs the algorithms?</i> and <i>What data do they feed on?</i>
and <i>Who is being discriminated against?</i> Another examines ways to <a
href="https://internethealthreport.org/2019/rethinking-digital-ads/">rethink
the ad economy</a>, so surveillance and addiction are no longer design
necessities. The third spotlight article <a
href="https://internethealthreport.org/2019/the-power-of-cities/">examines
the rise of smart cities</a>, and how local governments can integrate tech
in a way that serves the public good, not commercial interests.</span>"
[lwn] [$] On technological liberty
2019-04-24T19:15:06Z
jake
<p>
In his keynote at the 2019 <a
href="https://fsfe.org/activities/ftf/legal-conference.en.html">Legal and
Licensing Workshop</a> (LLW), longtime workshop participant Andrew
Wilson looked
at the past, but he went much further back than, say, the history of free
software—or even computers. His talk looked at technological liberty in
the context of classical liberal philosophic thinking. He mapped some of
that thinking to the world of free and open-source software (FOSS) and to
some other areas where our liberties are under attack.
[lwn] Security updates for Wednesday
2019-04-24T17:00:56Z
ris
Security updates have been issued by <b>Arch Linux</b> (dovecot, flashplugin, ghostscript, and jenkins), <b>Fedora</b> (glpi, hostapd, python-urllib3, and znc), <b>openSUSE</b> (apache2, audiofile, libqt5-qtvirtualkeyboard, php5, and SDL2), <b>Scientific Linux</b> (kernel), <b>SUSE</b> (curl and dovecot23), and <b>Ubuntu</b> (advancecomp and freeradius).
[lwn] [$] The sustainability of open source for the long term
2019-04-23T17:50:07Z
jake
<p>
The problem of "sustainability" for open-source software is a common topic of
conversation in our community these days. We <a
href="https://lwn.net/Articles/783169/">covered</a> a talk by Bradley Kuhn on
sustainability a month ago. Another longtime community member, Luis Villa,
gave his take on the problem of making open-source projects sustainable at
the 2019 Legal and Licensing Workshop (LLW) in Barcelona. Villa is one of the
co-founders of <a href="https://tidelift.com/">Tidelift</a>, which is a
company dedicated to helping close the gap so that the maintainers of
open-source projects get paid in order to continue their work.
[lwn] Security updates for Tuesday
2019-04-23T17:01:39Z
ris
Security updates have been issued by <b>CentOS</b> (java-1.7.0-openjdk), <b>Debian</b> (ghostscript and wget), <b>Gentoo</b> (apache, glib, opendkim, and sqlite), <b>Red Hat</b> (kernel, kernel-alt, kernel-rt, ovmf, polkit, and python27-python), <b>Scientific Linux</b> (java-1.7.0-openjdk), and <b>SUSE</b> (php72).
[lwn] [$] SGX: when 20 patch versions aren't enough
2019-04-23T17:00:01Z
corbet
Intel's "<a href="https://software.intel.com/en-us/sgx">Software Guard
Extensions</a>" (SGX) feature allows the creation of
encrypted "enclaves" that cannot be accessed from the rest of the system.
Normal code can call into an enclave, but only code running inside the
enclave itself can access the data stored there. SGX is pitched as a way
of protecting data from a hostile kernel; for example, an encryption key
stored in an
enclave should be secure even if the system as a whole is compromised.
Support for SGX has been under development for over three years; LWN <a
href="https://lwn.net/Articles/686808/">covered it</a> in 2016. But, as can be seen from
the response to <a
href="https://lwn.net/ml/linux-kernel/20190417103938.7762-1-jarkko.sakkinen@linux.intel.com/">the
latest revision of the SGX patch set</a>, all that work has still not
answered an important question: what protects the kernel against a hostile
enclave?
[lwn] A year with Spectre: a V8 perspective
2019-04-23T15:29:04Z
corbet
Here's <a href="https://v8.dev/blog/spectre">an article on the V8 blog</a>
describing the work that was done to mitigate Spectre vulnerabilities in
the V8 JavaScript engine. "<span>Our research reached the conclusion that,
in principle, untrusted code can read a process’s entire address space
using Spectre and side channels. Software mitigations reduce the
effectiveness of many potential gadgets, but are not efficient or
comprehensive. The only effective mitigation is to move sensitive data out
of the process’s address space.</span>"
[lwn] A Goodbye to Joe Armstrong
2019-04-22T18:10:00Z
ris
The Erlang community <a href="https://ferd.ca/goodbye-joe.html">mourns the
loss</a> of Joe Armstrong, known as the father of Erlang. "<span>He was part of the Erlang landscape, always interested in what people had to say. His passion and enjoyment about the craft, even in his 60s, was still high up at levels I don't even know I ever had or will ever have, and I have to say I am envious of him for that. I don't know what it will be like to have this community without him around. He was humble. He was approachable. He was excited. He was creative. His legacy is not just in code, but in the communities in which he instantly became a central part. He will be missed.</span>"
[lwn] Security updates for Monday
2019-04-22T16:54:30Z
ris
Security updates have been issued by <b>CentOS</b> (java-1.8.0-openjdk and java-11-openjdk), <b>Debian</b> (clamav, debian-security-support, and drupal7), <b>Fedora</b> (egl-wayland, elementary-camera, elementary-code, elementary-terminal, ephemeral, geocode-glib, gnome-characters, gnome-shell-extension-gsconnect, group-service, libmodulemd, libxmlb, mate-user-admin, mesa, meson, mpris-scrobbler, reportd, switchboard-plug-display, switchboard-plug-pantheon-shell, wingpanel, and wireshark), <b>openSUSE</b> (blueman and glibc), and <b>Red Hat</b> (java-1.7.0-openjdk).
[lwn] The end of Scientific Linux
2019-04-22T15:49:01Z
corbet
Fermilab has maintained Scientific Linux, a derivative of Red Hat
Enterprise Linux, for many years. That era is coming to an end, though:
"<span>Toward that end, we will deploy CentOS 8 in our scientific computing
environments rather than develop Scientific Linux 8. We will collaborate
with CERN and other labs to help make CentOS an even better platform for
high-energy physics computing.</span>" Maintenance of the SL6 and SL7
distributions will continue as scheduled.
[lwn] Debian project leader election 2019 results
2019-04-22T15:46:26Z
corbet
The election for the Debian project leader has concluded; the leader for
the next year will be Sam Hartman. See <a
href="https://www.debian.org/vote/2019/vote_001">this page</a> for the
details of the vote.
[lwn] Kernel prepatch 5.1-rc6
2019-04-22T01:41:41Z
corbet
The <a href="https://lwn.net/Articles/786401/">5.1-rc6</a> kernel prepatch is out for
testing. "<span>It's Easter Sunday here, but I don't let little things
like random major religious holidays interrupt my kernel development
workflow. The occasional scuba trip? Sure. But everybody sitting around
eating traditional foods? No. You have to have priorities.</span>"
[lwn] Weekend stable kernel updates
2019-04-20T16:50:37Z
corbet
The
<a href="https://lwn.net/Articles/786360/">5.0.9</a>,
<a href="https://lwn.net/Articles/786361/">4.19.36</a>,
<a href="https://lwn.net/Articles/786362/">4.14.113</a>, and
<a href="https://lwn.net/Articles/786363/">4.9.170</a>
stable kernel updates have all been released. These moderately large
updates contain yet another set of important fixes.
[lwn] [$] Implementing fully immutable files
2019-04-19T16:57:19Z
corbet
Like all Unix-like systems, Linux implements the traditional protection
bits controlling who can access files in a filesystem (and what access
they have). Fewer users, perhaps, are aware of a set of additional
permission bits hidden away behind the <a
href="http://man7.org/linux/man-pages/man1/chattr.1.html"><tt>chattr</tt></a>
and <a
href="http://man7.org/linux/man-pages/man1/lsattr.1.html"><tt>lsattr</tt></a>
commands. Among other things, these bits can make a file append-only,
mark a file to be excluded from backups, cause a file's data to be automatically
overwritten on deletion, or make a file immutable. The implementation of
many of these features is incomplete at best, so perhaps it's not
surprising that immutable files can still be changed in certain
limited circumstances. Darrick Wong has posted <a
href="https://lwn.net/ml/linux-fsdevel/155552786671.20411.6442426840435740050.stgit@magnolia/">a
patch set</a> changing this behavior, implementing a user-visible
behavioral change that he describes as "<span>an extraordinary way to
destroy everything</span>".
[lwn] Security updates for Friday
2019-04-19T14:45:45Z
jake
Security updates have been issued by <b>Fedora</b> (atomic-reactor and osbs-client), <b>openSUSE</b> (libqt5-qtbase, lxc, tar, wget, and xmltooling), <b>Scientific Linux</b> (java-1.8.0-openjdk and java-11-openjdk), <b>SUSE</b> (php5), and <b>Ubuntu</b> (znc).
[lwn] [$] Tracking pages from get_user_pages()
2019-04-18T18:01:49Z
corbet
As has been recently <a href="https://lwn.net/Articles/784574/">discussed</a> here,
developers for the filesystem and memory-management subsystems have been
grappling for years with the problems posed by the <tt>get_user_pages()</tt>
mechanism. This function maps memory into the kernel's address space for
direct access by the kernel or peripheral devices, but that kind of access
can create confusion in the filesystem layers, which may not be expecting
that memory to be written to at any given time. A new <a
href="https://lwn.net/ml/linux-kernel/20190411210834.4105-1-jglisse@redhat.com/">patch
set</a> from Jérôme Glisse tries to chip away at a piece of the problem,
but a complete solution is not yet in view.
[lwn] Ubuntu 19.04 (Disco Dingo) released
2019-04-18T15:34:58Z
jake
Ubuntu 19.04, code named "Disco Dingo", has been released, along with the following flavors: Ubuntu Budgie, Kubuntu, Lubuntu, Ubuntu Kylin, Ubuntu MATE,
Ubuntu Studio, and Xubuntu.
"<span>The Ubuntu kernel has been updated to the 5.0 based Linux kernel,
our default toolchain has moved to gcc 8.3 with glibc 2.29, and we've
also updated to openssl 1.1.1b and gnutls 3.6.5 with TLS1.3 support.
Ubuntu Desktop 19.04 introduces GNOME 3.32 with increased performance,
smoother startup animations, quicker icon load times and reduced CPU+GPU
load. Fractional scaling for HiDPI screens is now available in Xorg
and Wayland.
Ubuntu Server 19.04 integrates recent innovations from key open
infrastructure projects like OpenStack Stein, Kubernetes, and Ceph with
advanced life-cycle management for multi-cloud and on-prem operations,
from bare metal, VMware and OpenStack to every major public cloud.</span>" More information can be found in the <a href="https://wiki.ubuntu.com/DiscoDingo/ReleaseNotes">release notes</a>.
[lwn] OpenSSH 8.0 released
2019-04-18T15:11:27Z
jake
OpenSSH 8.0 has been released with a bunch of new features and some bug fixes, including one for a security problem:
"<span>This release contains mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.
This release adds client-side checking that the filenames sent from
the server match the command-line request,
The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.</span>"
[lwn] Security updates for Thursday
2019-04-18T14:58:58Z
jake
Security updates have been issued by <b>CentOS</b> (polkit), <b>Gentoo</b> (dovecot, libseccomp, and patch), <b>openSUSE</b> (aubio, blktrace, flac, lxc, lxcfs, pspp, SDL, sqlite3, and xen), <b>Red Hat</b> (java-1.8.0-openjdk, java-11-openjdk, and rh-maven35-jackson-databind), <b>Scientific Linux</b> (java-1.8.0-openjdk), <b>Slackware</b> (libpng), <b>SUSE</b> (python, python3, sqlite3, and xerces-c), and <b>Ubuntu</b> (ntfs-3g).
[lwn] [$] LWN.net Weekly Edition for April 18, 2019
2019-04-18T03:09:43Z
corbet
The LWN.net Weekly Edition for April 18, 2019 is available.
[lwn] [$] Business models and open source
2019-04-17T21:02:09Z
jake
<p>
One of the more lively sessions that was held at the 2019 Legal and
Licensing Workshop (LLW) was Heather Meeker's talk on
open-source business models and alternative licensing. As a lawyer in
private practice, Meeker worked on
a number of the alternative licenses that were drafted and
presented over the last year or so. But she is also part of a venture
capital (VC) firm that is exclusively investing in companies focused on
open source, so she
has experience in thinking about what kinds of models actually work for
those types of businesses.
[lwn] Stable kernel updates
2019-04-17T16:38:02Z
ris
Stable kernels <a href="https://lwn.net/Articles/786159/">5.0.8</a>, <a
href="https://lwn.net/Articles/786160/">4.19.35</a>, <a
href="https://lwn.net/Articles/786161/">4.14.112</a>, and <a
href="https://lwn.net/Articles/786162/">4.9.169</a> have been released. They all contain
important fixes and users should upgrade.
[lwn] Security updates for Wednesday
2019-04-17T16:31:53Z
ris
Security updates have been issued by <b>CentOS</b> (mod_auth_mellon), <b>Debian</b> (ghostscript and ruby2.3), <b>openSUSE</b> (dovecot22, gnuplot, and openwsman), <b>Scientific Linux</b> (mod_auth_mellon), <b>SUSE</b> (krb5, openexr, python3, and wget), and <b>Ubuntu</b> (firefox and openjdk-lts).
[lwn] [$] An update on compliance for containers
2019-04-16T22:07:57Z
jake
<p> The inability to determine the contents of container images is a topic
that annoys Dirk Hohndel. At <a
href="https://lwn.net/Archives/ConferenceByYear/#2018-Free_Software_Legal__Licensing_Workshop">last
year's Legal and Licensing Workshop</a> (LLW), he gave a <a
href="https://lwn.net/Articles/752982/">presentation</a> that highlighted the problem and
some work he had been doing to combat it. At this year's LLW, he updated
attendees on the progress that has been made and where he hopes things will
go from here.
[lwn] Security updates for Tuesday
2019-04-16T16:53:33Z
ris
Security updates have been issued by <b>Debian</b> (cacti and libxslt), <b>Fedora</b> (pcsc-lite and samba), <b>Gentoo</b> (gnutls, phpmyadmin, and tiff), <b>openSUSE</b> (apache2, clamav, dovecot23, nodejs10, SDL, and webkit2gtk3), <b>Red Hat</b> (mod_auth_mellon and rh-python36-python), <b>SUSE</b> (firefox, nspr, nss and python), and <b>Ubuntu</b> (libxslt and webkit2gtk).
[lwn] [$] Avoiding page reference-count overflows
2019-04-16T02:49:34Z
corbet
The <a href="https://lwn.net/Articles/786002/">5.1-rc5 announcement</a> mentioned
"<span>changes all over</span>" and highlighted a number of the areas that
had been touched. One thing that was <i>not</i> mentioned there was the
addition of four patches fixing a security-related issue in the core
memory-management subsystem. The vulnerability is sufficiently difficult
to exploit that almost nobody should feel the need to rush out a kernel
update, but it is still interesting to look at as a demonstration of how
things can go wrong.
[lwn] An eBPF overview series from Collabora
2019-04-15T22:38:32Z
corbet
Adrian Ratiu is posting a series of articles on the Collabora blog digging
into the kernel's eBPF subsystem. The first two parts are available now:
<a
href="https://www.collabora.com/news-and-blog/blog/2019/04/05/an-ebpf-overview-part-1-introduction/">an
introduction</a> and <a
href="https://www.collabora.com/news-and-blog/blog/2019/04/15/an-ebpf-overview-part-2-machine-and-bytecode/">a
look at the virtual machine</a>. "<span>eBPF is a RISC register machine
with a total of 11 64-bit registers, a program counter and a 512 byte
fixed-size stack. 9 registers are general purpouse read-write, one is a
read-only stack pointer and the program counter is implicit, i.e. we can
only jump to a certain offset from it. The VM registers are always 64-bit
wide (even when running inside a 32-bit ARM processor kernel!) and support
32-bit subregister addressing if the most significant 32 bits are zeroed -
this will be very useful in part 4 when cross-compiling and running eBPF
programs on embedded devices.</span>"
[undeadly] OpenBSD 6.5 Released
2019-04-24T15:24:29Z
<p>2019-04-24, Calgary, Alberta, Canada and elsewhere: With a <a href="https://marc.info/?l=openbsd-announce&m=155611207805565&w=2">message</a> sent to relevant mailing lists, Theo de Raadt (<code>deraadt@</code>) announced that the OpenBSD project's 46th release, <a href="https://www.openbsd.org/65.html">OpenBSD 6.5</a> is now generally available from <a href="https://www.openbsd.org/ftp.html">mirror sites</a> all over the world.</p>
<p>Notable changes include but are not limited to:</p>
<ul>
<li>On amd64 and i386 platforms, the default linker has been changed to lld.</li>
<li>The radeonsi Mesa driver (for hardware acceleration on Southern Islands and Sea Islands
<a href="https://man.openbsd.org/radeondrm.4">radeondrm(4)</a> devices) has been added.</li>
<li><a href="https://man.openbsd.org/pvclock.4">pvclock(4)</a>, a driver for the <abbr>KVM</abbr>
paravirtual clock, has been added.</li>
<li>Support for isochronous transfers has been added to
<a href="https://man.openbsd.org/xhci.4">xhci(4)</a>.</li>
<li>The (replacement) <a href="https://man.openbsd.org/uaudio.4">uaudio(4)</a> driver now
supports USB audio class v2.0.</li>
<li>There have been numerous improvement in both the IEEE 802.11 wireless
and generic network stacks.</li>
<li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> has been improved considerably,
and <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> has gained a new
"video" promise.</li>
<li>RETGUARD has replaced the stack-protector on amd64 and arm64 architectures.</li>
<li>The new pthread <a href="https://man.openbsd.org/pthread_rwlock_init">rwlock</a>
implementation has improved the latency of threaded applications.</li>
<li><a href="https://man.openbsd.org/Xorg.2">Xorg(1)</a>, the X window server,
is no longer installed setuid.</li>
<li><a href="https://man.openbsd.org/bgpd">bgpd(8)</a> has been enhanced considerably.</li>
<li><a href="https://man.openbsd.org/openrsync">openrsync(1)</a>, <a href="https://man.openbsd.org/rdsetroot">rdsetroot(8)</a>,
and <a href="https://man.openbsd.org/unwind">unwind(8)</a> have been added.</li>
</ul>
<p>For a fuller description, see the <a href="https://www.openbsd.org/65.html">OpenBSD 6.5 release page</a> or the <a href="https://www.openbsd.org/plus65.html">detailed changelog</a> of changes since the previous release.</p>
<p>See also the <a href="https://www.openbsd.org/faq/upgrade65.html">Upgrade Guide</a>.</p>
[undeadly] docbook2mdoc-1.0.0 released
2019-04-19T12:15:05Z
<p>After doing active development on it for about a month,
i just released version 1.0.0 of the DocBook to mdoc converter,
<a href="https://mandoc.bsd.lv/docbook2mdoc/docbook2mdoc.1.html">docbook2mdoc(1)</a>.
The OpenBSD port was updated, too.
In a nutshell, docbook2mdoc was brought from experimental status
to an early release that can be considered mostly usable for
production, though no doubt there are still many rough edges.
That's why i called it 1.0.0 and not 1.1.1.</p>
<p><a href="http://undeadly.org/cgi?action=article;sid=20190419101505">Read more…</a></p>
[undeadly] t2k19 Hackathon Report: On rsync, ssh, and ports cruft
2019-04-14T09:54:08Z
The stream of t2k19 hackathon reports continues with this from Christian Weisgerber (<code>naddy@</code>):
<p>
<blockquote>
Discounting an airport layover, this was my first trip to Asia.
I guess I picked the right spot. Seeing Taipei felt like stepping
into <i><a href="https://www.imdb.com/title/tt0113568/">Ghost in
the Shell</a></i>. Awesome. But this isn't the OpenBSD travel
blog…
</blockquote>
<p>
<p><a href="http://undeadly.org/cgi?action=article;sid=20190414075408">Read more…</a></p>
[undeadly] t2k19 Hackathon Report: unwinding in Taipei
2019-04-13T04:36:08Z
Fresh from the recent t2k19 hackathon in Taipei, Florian Obser (<code>florian@</code>)
writes in with this report:
<blockquote>
<a href="https://man.openbsd.org/unwind">unwind(8)</a> is weird. It is the first daemon I wrote without having a
constant use for most of its features. <a href="https://man.openbsd.org/slowcgi">slowcgi(8)</a>, <a href="https://man.openbsd.org/slaacd">slaacd(8)</a> and
<a href="https://man.openbsd.org/rad">rad(8)</a> are different, I use them every day and I will notice when I
break stuff.
</blockquote>
<p>
<p><a href="http://undeadly.org/cgi?action=article;sid=20190413023608">Read more…</a></p>
[undeadly] t2k19 Hackathon Report: Stefan Sperling on 802.11? progress, suspend/resume and more
2019-04-11T08:42:32Z
<p>A new hackathon report has arrived, this time from Stefan Sperling (<code>stsp@</code>), who writes:</p>
<blockquote>
<p>This hackathon was an exceptional opportunity for several developers
involved in 802.11 wireless to meet face to face. I spent a lot of time
collaborating with Kevin Lo and Jonathan Matthew throughout the week.</p>
</blockquote>
<p><a href="http://undeadly.org/cgi?action=article;sid=20190411064232">Read more…</a></p>
[undeadly] t2k19 Hackathon Report: Ken Westerback on dhclient, disklabel, and more
2019-04-09T16:30:47Z
<p>Kenneth R Westerback (<code>krw@</code>) wrote in with a
report on his recent participation in
<a href="https://www.openbsd.org/hackathons.html#t2k19">t2k19</a>:</p>
<blockquote>
<p>Rule 1 of Taipei travel -- nobody knows what an EasyCard is.</p>
</blockquote>
<p><a href="http://undeadly.org/cgi?action=article;sid=20190409143047">Read more…</a></p>
[undeadly] t2k19 Hackathon Report: Putting the hack(6) in hackathon, and other stories
2019-04-07T17:20:52Z
Fresh from the t2k19 hackathon comes a report from Anthony J. Bentley (<tt>bentley@</tt>), who writes:
<p>
<p>Seeing an Asia hackathon coming up was pretty exciting; I’d never been there before. I spent a month or so preparing by getting through the more mundane things in my backlog, mostly new ports and updates. That left my time in Taipei open to focus on fixing some bugs and broken things.
<p><a href="http://undeadly.org/cgi?action=article;sid=20190407152052">Read more…</a></p>
[undeadly] a2k19 hackathon report from Ken Westerback (krw@)
2019-03-24T15:12:27Z
<p>Ken Westerback (<kbd>krw@</kbd>) writes in with his report from
<a href="https://www.openbsd.org/hackathons.html#a2k19">a2k19</a>,
the hackathon in New Zealand:</p>
<blockquote>
<p>Due to an earlier (pre-737Max) airplane problem on the flight back
from n2k18 in Usti nad Labem, a loosely worded compensation coupon and
the cooperation of beck@ in exploiting said wording, I was able to fly
Business Class over the Pacific and thus arrived well rested in
BNE. Could have been even more rested if I hadn't had to rouse myself
to raise a(nother) glass of champagne as we crossed the date line and
it became someone's birthday. First world problems.</p>
<p>The alert reader will have noted that BNE is not where a2k19 was. But
beck@ and I had decided to personally drag various Australians onto
the flight to Wellington the next day.</p>
</blockquote>
<p><a href="http://undeadly.org/cgi?action=article;sid=20190324141227">Read more…</a></p>
[undeadly] mandoc-1.14.5 released
2019-03-10T18:57:19Z
Ingo Schwarze wrote in with the announcement of a new <a href="http://man.openbsd.org/mandoc">mandoc</a> release. Ingo writes,
<p>
<blockquote>
I just released mandoc-1.14.5. This is a regular maintenance
release. As structural changes are quite limited, i expect it to
be very stable, so all downstream systems are encouraged to upgrade
from any earlier version.
</blockquote>
<p><a href="http://undeadly.org/cgi?action=article;sid=20190310175719">Read more…</a></p>
[undeadly] a2k19 Hackathon Report: Antoine Jacoutot on ports, syspatch(8), and more
2019-03-09T01:00:23Z
<p>We are delighted to have received an
<a href="https://www.openbsd.org/hackathons.html#a2k19">a2k19 hackathon</a>
report: Antoine Jacoutot (<kbd>ajacoutot@</kbd>) writes:</p>
<blockquote>
<p>Better (very) late than never… here's my small report about my
<a href="https://www.openbsd.org/hackathons.html#a2k19">a2k19 hackathon</a>
slacking time in Wellington (<abbr>NZ</abbr>).</p>
<p>The "Antipodean" hackathon they call it. Indeed, it took me 28h to get there
from Paris via Singapore! Fortunately, I met with phessler@ and cheloha@ right
on arrival at the airport. From there we went directly into town to visit the
different bars with mlarkin@ as our guide :-).<br>
The challenge was to find a way to keep us awake (12h of jet lag for me), and
going around 6 different bars did the trick :-)</p>
</blockquote>
<p><a href="http://undeadly.org/cgi?action=article;sid=20190309000023">Read more…</a></p>
[xkcd] Adjusting a Chair
2019-05-01T02:00:00Z
<img src="https://imgs.xkcd.com/comics/adjusting_a_chair.png" title="When I was looking at the box, I should have thought more about what "360 degrees of freedom" meant." alt="When I was looking at the box, I should have thought more about what "360 degrees of freedom" meant." />
[xkcd] Disk Usage
2019-04-29T02:00:00Z
<img src="https://imgs.xkcd.com/comics/disk_usage.png" title="Menu -> Manage -> [Optimize space usage, Encrypt disk usage report, Convert photos to text-only, Delete temporary files, Delete permanent files, Delete all files currently in use, Optimize menu options, Download cloud, Optimize cloud , Upload unused space to cloud]" alt="Menu -> Manage -> [Optimize space usage, Encrypt disk usage report, Convert photos to text-only, Delete temporary files, Delete permanent files, Delete all files currently in use, Optimize menu options, Download cloud, Optimize cloud , Upload unused space to cloud]" />
[xkcd] Dangerous Fields
2019-04-26T02:00:00Z
<img src="https://imgs.xkcd.com/comics/dangerous_fields.png" title="Eventually, every epidemiologist becomes another statistic, a dedication to record-keeping which their colleagues sincerely appreciate." alt="Eventually, every epidemiologist becomes another statistic, a dedication to record-keeping which their colleagues sincerely appreciate." />
[xkcd] UI vs UX
2019-04-24T02:00:00Z
<img src="https://imgs.xkcd.com/comics/ui_vs_ux.png" title="U[unprintable glyph]: The elements a higher power uses to bend that moral arc. U[even more unprintable glyph]: The higher power's overall experience bending that moral arc." alt="U[unprintable glyph]: The elements a higher power uses to bend that moral arc. U[even more unprintable glyph]: The higher power's overall experience bending that moral arc." />
[xkcd] Reinvent the Wheel
2019-04-22T02:00:00Z
<img src="https://imgs.xkcd.com/comics/reinvent_the_wheel.png" title="Right now it's a bicycle wheel, so we've had to move to lighter vehicles, but the reduced overhead is worth it. There was one week when a wheel of cheese got dangerously close to the first page, though." alt="Right now it's a bicycle wheel, so we've had to move to lighter vehicles, but the reduced overhead is worth it. There was one week when a wheel of cheese got dangerously close to the first page, though." />
[xkcd] Email Settings
2019-04-19T02:00:00Z
<img src="https://imgs.xkcd.com/comics/email_settings.png" title="What are all these less-than signs? What's an HREF? Look, we know you live in a fancy futuristic tech world, but not all of us have upgraded to the latest from Sun Microsystems." alt="What are all these less-than signs? What's an HREF? Look, we know you live in a fancy futuristic tech world, but not all of us have upgraded to the latest from Sun Microsystems." />
[xkcd] Wanna See the Code?
2019-04-17T02:00:00Z
<img src="https://imgs.xkcd.com/comics/wanna_see_the_code.png" title="And because if you just leave it there, it's going to start contaminating things downstream even if no one touches it directly." alt="And because if you just leave it there, it's going to start contaminating things downstream even if no one touches it directly." />
[xkcd] Text Entry
2019-04-15T02:00:00Z
<img src="https://imgs.xkcd.com/comics/text_entry.png" title="I like to think that somewhere out there, there's someone whose personal quest is lobbying TV providers to add an option to switch their on-screen keyboards to Dvorak." alt="I like to think that somewhere out there, there's someone whose personal quest is lobbying TV providers to add an option to switch their on-screen keyboards to Dvorak." />
[xkcd] Election Commentary
2019-04-12T02:00:00Z
<img src="https://imgs.xkcd.com/comics/election_commentary.png" title="This really validates Jones's strategy of getting several thousand more votes than Smith. In retrospect, that was a smart move; those votes were crucial." alt="This really validates Jones's strategy of getting several thousand more votes than Smith. In retrospect, that was a smart move; those votes were crucial." />