EFF: Updates

Subscribe to EFF: Updates feed
EFF's Deeplinks Blog: Noteworthy news from around the internet
Updated: 1 hour 50 min ago

“Selling” Patents to Sovereign Nations Shouldn’t Mean Bad Patents Can’t Be Challenged

Thu, 12/07/2017 - 1:22pm

On September 8, 2017, the multi-billion dollar pharmaceutical company Allergan announced that it “sold” its patents relating to its eye drops drug “Restasis” to the Saint Regis Mohawk Tribe. But this was not a usual “sale.” The Tribe doesn't appear to have paid anything in exchange for becoming the legal owner of Allergan's patents. Instead, Allergan paid the Tribe $13.75 million, and also agreed to pay the Tribe up to $15 million more each year in exclusive licensing fees.

Last week, EFF and Public Knowledge explained to the Patent Office how Allergan and the Tribe’s deal doesn’t mean Allergan’s bad patents can’t be challenged.

The reason that Allergan and the Tribe engaged in this deal is not a secret. Both Allergan and the Tribe [PDF] readily admit the deal was done to try to prevent Allergan’s patents from being revoked through a Patent Office procedure known as “inter partes review.” Inter partes review allows any member of the public to challenge a patent as improperly granted based on the fact that what the patent claims as an invention was known to the public, or was an obvious change from information and innovation already held by the public.

Allergan and the Tribe’s deal, through the assertion of “sovereign immunity,” tries to prevent the Patent Office from reviewing whether the patents were improperly granted. Generally, sovereign immunity refers to the concept that a sovereign entity (here the Tribe) can’t be subject to the jurisdiction of another sovereign (here the Patent Office) unless the entity agrees. The deal between Allergan and the Tribe requires the Tribe to assert sovereign immunity in an attempt to end the Patent Office procedures before the Restasis patents are revoked.

Stated more bluntly, Allergan paid the tribe in order to block attempts to have its patents invalidated. A decision revoking the patents would lead to generic competition and lower consumer prices for Restasis. A determination that the patents can’t be challenged at the Patent Office could lead to the patents preventing generic entry and keeping prices artificially high.

This deal has significant ramifications for the patent system if it is successful. As one judge described the deal:

What Allergan seeks is the right to continue to enjoy the considerable benefits of the U.S. patent system without accepting the limits that Congress has placed on those benefits through the administrative mechanism for canceling invalid patents.

Shortly after announcing the deal, the Tribe asked the Patent Office to end the proceedings, saying that since the Tribe owns the patents, the Patent Office has no authority to reconsider their legitimacy without the Tribe’s consent. The generic companies have opposed this motion on various grounds, arguing that the proceeding can continue. The Patent Office, perhaps in recognition of the significant controversy generated by the Allergan-Tribe deal, asked the public to weigh in as to whether the proceeding needed to be terminated.

On November 30, 2017, EFF and Public Knowledge submitted a brief arguing that the Patent Office has all the authority it needs to continue the inter partes review proceeding, despite the Tribe’s sovereign immunity. We argued that the proceeding was not one that required the Tribe’s presence at all, meaning sovereign immunity had no application. We also suggested that the Patent Office consider asking its question in a more accessible proceeding, so that more voices could be heard.

EFF and Public Knowledge were not the only parties to weigh in on this high profile dispute. Papers were also filed by other sovereign tribes, scholars, public interest groups, and industry representatives. All briefs are available through the Patent Office’s public portal, available here by searching for AIA Review Number IPR2016-01127.

It may turn out that this dispute is irrelevant in the short term, as after the deal was announced, a federal court invalidated the patents (that decision is on appeal). Regardless of the outcome with respect to the Restasis patents, however, it is clear that other patent holders are engaging in similar deals [PDF] with sovereign tribes. EFF is pushing back against these deals as an improper assertion of sovereign immunity.



The FCC Still Doesn’t Know How the Internet Works

Thu, 12/07/2017 - 12:26pm

Earlier this year nearly 200 Internet engineers and computer scientists sent a letter to the FCC that explained facts about the structure, history, and evolving nature of the Internet. The reasons we laid out in that letter for writing it then still apply to the draft now:

Based on certain questions the FCC asks in the Notice of Proposed Rulemaking (NPRM), we are concerned that the FCC (or at least Chairman Pai and the authors of the NPRM) appears to lack a fundamental understanding of what the Internet's technology promises to provide, how the Internet actually works, which entities in the Internet ecosystem provide which services, and what the similarities and differences are between the Internet and other telecommunications systems the FCC regulates as telecommunications services.

Unfortunately it looks like the FCC ignored the technical parts of that letter, because the FCC’s latest plan to kill net neutrality is still riddled with technical errors and factual inaccuracies. Here are just a few.

The FCC Still Doesn’t Understand That Using the Internet Means Having Your ISP Transmit Packets For You

The biggest misunderstanding the FCC still has is the incorrect belief that when your broadband provider sells you Internet access, they’re not selling you a service by which you can transmit data to and from whatever points on the Internet you want. Citing a past order, the FCC demonstrates this misunderstanding by claiming that "[e]nd users do not expect to receive (or pay for) two distinct services—both Internet access service and a distinct transmission service, for example.

This false distinction between “Internet access service” and “a distinct transmission service” is utterly ridiculous and completely ungrounded from reality. As the FCC would have it, there is some sort of “transmission” that is separate from the Internet that ISPs provide access to.

The FCC needs to realize that the Internet is nothing more than transmission between interconnected machines. The FCC’s understanding of the Internet borders on the mystical, as if the Internet itself were some vaguely defined other realm that an ISP opens a portal to. But there is no other realm, only a collection of networks, including the ISP’s networks. There’s no Internet separate from accessing the Internet; the Internet is just machines accessing each other. It’s worrying that such a mischaracterization may be the basis of a federal regulation that will have wide-ranging effects.

The FCC Still Doesn’t Understand How DNS Works

Besides not understanding how Internet access works, the FCC also has a troublingly limited knowledge of how the Domain Name System (DNS) works—even though hundreds of engineers tried to explain it to them this past summer.

Citing back to language dating from the days of Bell Operating Companies, the FCC claims that DNS functions similarly to a gateway. “We do, however, find similarities between functionalities such as address translation and storage and retrieval to key functionalities provided by ISPs as part of broadband Internet access service, and we conclude the court found such gateway and similar functionalities independently sufficient to warrant an information service classification under the MFJ.

Here’s the thing: “address translation” and “storage and retrieval” are fundamental parts of any software implementation; these implementation details have little to do with the service that a system provides. DNS is a fundamental piece of the transmission puzzle. Code translation is a general purpose technique. Every machine translates IP addresses from machine-order to network-order; that doesn’t make every translation point a gateway.

What’s more, the FCC still thinks that “the absence of ISP-provided DNS would fundamentally change the online experience for the consumer.” Although it admits that “ISPs are not the sole providers of DNS services,” it still thinks that DNS is “indispensable to the broadband Internet access service customers use—and expect—today.” As the FCC would have it, an Internet user actively expects their ISP to provide DNS to them.

But that’s hardly the case. Most users don’t know what DNS is, let alone expect that their ISP provides it. As for users who know enough about DNS to have expectations about who provides it, many choose to use third-party services for their speed and value-add functionality separate from the name translation service. ISPs choose to point users to their own DNS service; they could just as easily point to a third-party service instead of their own, and users would rarely ever notice a difference.

The FCC Still Doesn’t Understand How Caching Works

The FCC is also confused on the matter of caching. Like DNS, it treats caching as if it were some specialized service rather than an implementation detail and general-purpose computing technique. In its discussion of Web caching services, which the earlier Notice of Proposed Rulemaking asked for commentary on, the FCC included an irrelevant line about the general computing technique of caching which is usually used as part of implementing a DNS service. This implementation detail certainly has no bearing on either Web caching or DNS as services, and shows how little it understands these services on the whole.

Since the FCC cites them, it clearly read the multiple comments stating that over 50% of Web traffic is now encrypted. Yet, it sticks to the assertion that “truly pervasive encryption on the Internet is still a long way off, and that many sites still do not encrypt,” and use that to dismiss “assertions in record that suggest that ISP-provided caching is not a vital part of broadband Internet access service offerings, as it may be stymied by the use of HTTPS encryption.

Although the FCC tries to claim that offering web caching is an integral part of the functionality that ISPs provide, this is not the case. In fact, Sonic, a San Francisco-based ISP, does not run web caching equipment for its customers (although they do host a number of boxes from non-affiliated CDN platforms, including the Google Global Cache, Netflix OpenConnect, and Akamai—but they don't operate those boxes).

And if the FCC doesn’t understand the Internet in general, it understands mobile telephony and broadband Internet access even less.

The FCC Doesn’t Understand How the Phone System Works

The FCC’s apparent understanding of the phone system seems to be stuck in the days of rotary phones. For users on a modern American network, voice calling is just one of many applications that a phone enables. If the user has poor signal, that voice call might travel at some point over the circuit-switched PSTN, but it might also never leave a packet-switched network if it’s sent over VoIP or LTE/EPC.

To make its case, the FCC cites its Wireless Broadband Internet Access Order from 2007, saying that “‘[m]obile wireless broadband Internet access service in and of itself does not provide the capability to communicate with all users of the public switched network’ because it does ‘not use the North American Numbering Plan to access the Internet, which limits subscribers’ ability to communicate to or receive communications from all users in the public switched network.’

Modern phone users may be shocked to hear that assertion, given the proliferation of VoIP apps that will dial an NANP number over the Internet without a problem.

Further, the FCC completely ignored the fact that mobile carriers are deploying technology which unifies the underlying infrastructure which makes up the public switched telephone network and the Internet on their networks. This omission is so egregious, we had to write them a separate letter just to get the facts into the record.

The FCC’s Plan to Kill Net Neutrality is Based on Faulty Technical Premises

There are at least two possible explanations for all of these misunderstandings and technical errors. One is that, as we’ve suggested, the FCC doesn’t understand how the Internet works. The second is that it doesn’t care, because its real goal is simply to cobble together some technical justification for its plan to kill net neutrality. A linchpin of that plan is to reclassify broadband as an “information service,” (rather than a “telecommunications service,” or common carrier) and the FCC needs to offer some basis for it. So, we fear, it’s making one up, and hoping no one will notice.

We noticed. And we need your help. The one group Chairman Pai might listen to is Congress—after all, Congress has oversight authority over the FCC. If enough members of Congress signal to Pai that his plan will cost them at the ballot box he might just get the message—and reverse course before it’s too late.

Take action

Tell Congress: Don’t sell the Internet out

Argentinian Government Bans Civil Society Organizations From Attending Upcoming WTO Ministerial Meeting

Wed, 12/06/2017 - 8:06pm

The World Trade Organization (WTO), the multilateral global trade body that has almost all countries as members, has been eyeing an expansion of its work on digital trade for some time. Its current inability to address such issues is becoming an existential problem for the organization, as its relevance is challenged by the rise of smaller regional trade agreements such as the Trans-Pacific Partnership (TPP), North American Free Trade Agreement (NAFTA), and Regional Comprehensive Economic Partnership (RCEP) that do contain digital trade rules.

That's one reason why some experts are now arguing that the WTO ought to retake leadership over digital trade rulemaking. Their reasoning is that a global compact could be more effective than a regional one at combatting digital protectionism, such as laws that restrict Internet data flows or require platforms to install local servers in each country where they offer service.

Civil Society Barred from WTO Summit

It's true that some countries do have protectionist rules that affect Internet freedom, and that global agreements could help address these rules. But the problem in casting your lot in with the WTO is that as closed and opaque as deals like the TPP, NAFTA, and RCEP are, the WTO is in most respects no better. That was underscored last week, when in a surprise move the Argentinian government blocked representatives from civil society organizations (CSOs) from attending the upcoming WTO biennial summit of 164 member states, which is scheduled between 10-13 December in Buenos Aires.

Last week the WTO reached out to more than than 64 representatives from CSOs,  including digital rights organizations Access Now and Derechos Digitales, to inform them that "for unspecified reasons, the Argentine security authorities have decided to deny your accreditation." The Argentine government later issued a press release claiming that activists had been banned as "they had made explicit calls to manifestations of violence through social networks"—a remarkable claim for which no evidence was presented, and which the groups in question have challanged

Most of the banned organizations belong to the Our World Is Not For Sale network (OWINFS), a global social-justice network which has been engaging in WTO activities, including organizing panels and sessions for over two decades. In a strongly-worded letter, Deborah James, OWINFS Network Coordinator has condemned Argentina's actions and noted that the lack of explanation behind the decision "attacked the conference's integrity" and violated "a key principle of international diplomacy".

Even before these delegates were barred from the meeting, their ability to participate in the WTO summit was tightly constrained. Unlike other international negotiation bodies such as WIPO, the WTO does not permit non-state actors to attend meetings even as observers, nor to obtain copies of documents under negotiation. Their admission into the meeting venue would only authorize them to meet with delegates in corridors and private side-meetings, and Argentina's action has taken away even that. Instead, public interest groups will essentially be limited to meeting and protesting outside the summit venue, out of sight and out of mind of the WTO delegates inside.

Multilateral v. Multistakeholder to Digital Trade

Thus the problem with the suggestion that the WTO should take on the negotiation of new Internet-related issues is that any such expansion of the WTO mandate would require a rehaul of its existing standards and procedures for negotiations. International trade negotiations are government-led, and allow for very limited public oversight or participation in the process. On the other hand, the gold standard for Internet-related policy development is for a global community of experts and practitioners to participate in an open, multistakeholder setting.

Transparent consultative practices are critical in developing rules on complex digital issues as prescriptions nominally about commerce and trade can affect citizens’ free speech and other fundamental individual rights. In this respect and others, digital issues are different from conventional trade issues such as quotas and tariffs, and it is important to involve users in discussion of such issues from the outset. Thorough documents such as our Brussels Declaration on Trade and the Internet, EFF has been calling upon governments to make trade policy making on Internet issues more transparent and accountable, whether it is conducted at a multilateral or a smaller plurilateral level.

The WTO's lack of any institutional mechanisms to gather inputs from the public and its inability to assure participation for CSOs is a big blow to the WTO's credibility as a leader on global digital trade policy. Argentina's unprecedented ban on CSOs is especially worrying, as e-commerce is expected to be a key topic of discussion at the summit.

E-commerce Agenda Up In The Air

Last week, WTO director general Roberto Azevedo announced that he will be appointing "minister facilitators" to work with sectoral chairs and identified e-commerce as an area for special focus. That doesn't mean that it's an entirely new issue for the WTO. E-commerce (now sometimes also called "digital trade") entered the WTO in 1998, when member countries agreed not to impose customs duties on electronic transmissions, and the moratorium has been extended periodically, though no new substantive issues have been taken on.

This is changing. Since last year, developed and developing countries have been locked in a battle over whether the WTO's digital trade work program should expand to include new digital trade issues such as cross-border data flows and localization, technology transfer, disclosure of source code of imported products, consumer protection, and platform safe harbors.

This push has come most strongly from developed countries including the United States, Japan Canada, Australia, and Norway. During an informal meeting at the WTO in October, the EU, Canada, Australia, Chile, Korea, Norway and Paraguay, among other countries, circulated a restricted draft ministerial decision to establish “a working party” at the upcoming WTO ministerial meeting in Buenos Aires and authorizing it to “conduct preparations for and carry out negotiations on trade-related aspects of electronic commerce on the basis of proposal by Members”.

Amongst these are a May 2017 proposal presented by the European Union in which the co-sponsors mapped out possible digital trade policy issues to be covered, including rules on spam, electronic contracts, and electronic signatures. The co-sponsors noted that the list they provided was not exhaustive, and they invited members to give their views on what additional elements should be added. 

But many developing nations have opposed the introduction of new issues, instead favoring the conclusion of pending issues from the Doha Round of WTO negotiations, which are on more traditional trade topics such as agriculture. In particular, India this week submitted a formal document at the WTO opposing any negotiations on e-commerce. Commerce and Industry minister Suresh Prabhu said, "We don't want any new issues to be brought in because there is a tendency of some countries to keep discussing new things instead of discussing what's already on the plate. We want to keep it focused." India has maintained that although e-commerce may be good for development, it may not be prudent to begin talks on proposals supported by developed countries. A sometimes unspoken concern is that these rules provide "unfair" market access to foreign companies, threatening developing countries' home-grown e-commerce platforms.

China has a somewhat different view, and has expressed openness to engage in discussions on new rules to liberalize cross-border e-commerce. Back in November 2016, China had also circulated a joint e-commerce paper with Pakistan, and has since called for informal talks to "ignite" discussions on new rules, with a focus on the promotion and facilitation of cross-border trade in goods sold online, taking into account the specific needs of developing countries.

A number of other developing nations have their own proposals for what the WTO's future digital trade agenda might include. In March 2017, Brazil  circulated a proposal seeking “shared understandings” among member states on transparency in the remuneration of copyright, balancing the interests of rights holders and users of protected works, and territoriality of copyright. In December 2016, another document prepared by Argentina, Brazil, and Paraguay focused on the electronic signatures and authentication aspect of the work programme. And in February 2017, an informal paper co-sponsored by 14 developing countries identified issues such as online security, access to online payments, and infrastructure gaps in developing countries as important areas for discussion.

Expectations From the Ministerial Meeting

With so many different proposals in play, the progress on digital trade made at the Ministerial Conference is likely to be modest, reflecting the diverging interests of WTO Members on this topic. Reports suggest that India has built strong support amongst a large number of nations including some industrialized countries, for its core demands for reaffirming the principles of multilateralism, inclusiveness and development based on the Doha work programme. Given India's proactive stance opposing the expansion of the current work programme on e-commerce, this suggests an underwhelming outcome for proponents of the expansion of the WTO's digital trade agenda.

However India's draft ministerial decision on e-commerce also instructs the General Council of the WTO to hold periodic reviews in its sessions in July and December 2018 and July 2019, based on the reports that may be submitted by the four WTO bodies entrusted with the implementation of its e-commerce Work Programme, and to report to the next session of the Ministerial Conference. If enough members agree with India and relevant changes are made to suit all members, India's draft agreement could become an actual declaration.

In other words, even if, as seems likely, no new rules on digital trade issues come out of the 2017 WTO summit, that won't be the end of the WTO's ambitions in this field. It seems just as likely that whatever protests take place in the streets of Buenes Aires, from activists who were excluded from the venue, will be insufficient to dissuade delegates from this course. But what we believe is achievable is to make further progress towards changing the norms around public participation in trade policy development, with the objective of improving the conditions for civil society stakeholders not only at the WTO, but also in other trade bodies and negotiations going forward.

This is one of the topics that EFF will be focusing on at this month's Internet Governance Forum (IGF), where we will be hosting the inaugural meeting of a new IGF Dynamic Coalition on Trade and the Internet, and hopefully announcing a new multi-stakeholder resolution on the urgent need to improve transparency and public participation in trade negotiations. The closed and exclusive 2018 WTO summit is an embarrassment to the organization. If and when the WTO does finally expand its work program on digital trade issues, it is essential that public interest representatives be seated around the table—not locked outside the building.

Government Documents Show FBI Cleared Filmmaker Laura Poitras After Six-Year Fishing Expedition

Wed, 12/06/2017 - 7:28pm

The government recently revealed for the first time that federal agents maintained an open investigation of our client, Academy Award-winning documentary filmmaker Laura Poitras, for six years despite never finding any evidence that she committed a crime or was a threat to national security.

Coming up empty handed after Poitras had been subjected to dozens of border searches, the FBI finally closed the investigation, according to agency documents we obtained. 

We’ve learned about this fishing expedition through documents we obtained in a Freedom of Information (FOIA) lawsuit filed on Poitras’s behalf to find out why she was constantly being stopped by federal agents during her travels. Border agents detained Poitras at airports over 50 times from 2006 to 2012. The detentions began after she directed and released documentary films about post-9/11 life in Iraq and Yemen that challenged the U.S. government’s narrative about the war on terror.

Poitras was subjected to hours of questioning, and had her belongings searched and notes seized at U.S. and international airports. Border agents once threatened to handcuff her when she tried to take notes during a stop. 

On another occasion agents seized her electronic devices without a warrant —an increasingly common U.S. Customs and Border Patrol (CBP) practice in recent years. Her treatment is a clear example of the government abusing its vast surveillance power at the border. 

Poitras filed her FOIA lawsuit in 2015 to find out not only why her detentions started in the first place, but also why they abruptly stopped in June 2012, coincidentally (or not) just two months after her detentions made national news. EFF’s suit forced the government last year to turn over 1,000 pages, some of which answered the first question: The government’s reasoning for making Poitras the target of an intelligence investigation was because they speculated she had foreknowledge of an ambush of American forces in Baghdad in 2004 in which a U.S. soldier was killed and others seriously wounded. Poitras has repeatedly denied the allegation. In addition, the government never sought her footage from that day, which shows she did not film an ambush.

The speculation was based on her mere presence with a film camera on a rooftop on a day of intense fighting. Documents turned over in the FOIA case showed that a journalist embedded with the military, John Bruning, believed Poitras had prior knowledge of the attack and kept quiet so she could film it, which would have been criminal. But Army investigators found no evidence supporting his claim. Furthermore, in April 2006—three months before Poitras’s detentions began—they said in a letter to the FBI that there was “no credible evidence” that she had committed any crime.

The redacted documents obtained by EFF reveal multiple new aspects of the investigation for the first time:

-- The government’s investigation into Poitras was classified as secret

-- A grand jury was convened in 2007

-- Poitras’s personal records were subpoenaed from multiple companies

-- FBI agents were sent to film screenings where Poitras participated in Q&As 

Vast portions of the documents are redacted, so EFF is now challenging the government’s basis for continuing to withhold this information.

However, these documents still didn’t explain why the detentions stopped in 2012. It wasn’t until after we pointed out this missing information that the government turned over another six pages. These heavily redacted pages said, “no potential criminal violations or priority threats to national security warranting further investigation were identified.” Federal agents closed the investigation, according to an August 2012 declassified FBI report.

We now know that even though investigators determined in 2006 that there was no evidence Poitras had committed a crime, the FBI maintained a fishing expedition for another six years, finally closing the matter and giving up its efforts to find something it could use against Poitras after journalist Glenn Greenwald published an article about Poitras’ experiences and a group of documentary filmmakers submitted a petition to the Department of Homeland Security protesting her treatment. It’s concerning to think that these detentions may have continued indefinitely had they not been called out. The government’s use of border crossings as an opportunity to target a journalist for intelligence investigations is disturbing and wrong. 

It’s particularly troubling in light of the exponential increase in warrantless searches and seizures of travelers’ digital devices in recent years—a fact that CBP touts on its website. According to CBP data, the agency conducted 14,993 electronic device searches in the first half of fiscal year 2017 alone, up from 8,503 searches during the entire 2015 fiscal year. These searches have ensnared tens of thousands of Americans from all walks of life, including other journalists, artists, students, former military personnel, engineers, and limousine drivers. In September, EFF and the ACLU filed a lawsuit on behalf of 11 travelers whose smartphones and laptops were searched at the U.S. border without a warrant or explanation. 

Our digital devices contain massive amounts of information—including emails, texts, contact lists, photos, work documents, and medical or financial records—that can reveal sensitive details of our personal lives. The government should not be allowed to use border crossings as an opportunity to conduct fishing expeditions into our personal, private information. The Fourth Amendment requires border agents to have probable cause before seizing digital devices and to get a warrant before searching those devices. 

There is still much we don’t know about how the government decides who to pull out of line and, increasingly, whose digital devices to seize and search. We are seeking additional documents in Poitras’ case and hope to shed more light on the government’s unjust and potentially chilling treatment of a journalist. And we hope our new lawsuit will force the government to start respecting constitutional rights at the border.




Internet Censorship Bills Wouldn’t Help Catch Sex Traffickers

Tue, 12/05/2017 - 7:27pm
SESTA and FOSTA Could Hide Trafficking from Law Enforcement

In the most illuminating part of last week’s House subcommittee hearing on the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA, H.R. 1865), Tennessee Bureau of Investigation special agent Russ Winkler explained how he uses online platforms—particularly Backpage—to fight online sex trafficking. Winkler painted a fascinating picture of agents on his team posing as johns, gaining trust with traffickers, and apprehending them. His testimony demonstrated how, with proper training and resources, law enforcement officers can navigate the online platforms where sex work takes place to find and stop traffickers, especially those trafficking children.

It was a rare moment of clarity in the debate over FOSTA and its sibling bill, the Stop Enabling Sex Traffickers Act (SESTA, S. 1693). Since these bills were introduced, there’s been little discussion of how law enforcement officers use the online platforms that the bills would threaten and how SESTA and FOSTA would make it more difficult for law enforcement to do its work. Winkler made it crystal clear how heavily his work relies on online platforms: “We've conducted operations and investigations involving numerous perpetrators and victims. The one constant we encounter in our investigations is use of online platforms like Backpage.com by buyers and sellers of underage sex.”

There are some differences between SESTA and FOSTA, but their impact on the Internet would be the same. A website or other online platform could be liable under both civil and criminal law, at both the state and federal levels, for the sex trafficking activities of its users. Since it can be very difficult to determine whether a given posting online is in aid of sex trafficking, the bills would almost certainly force websites to become significantly more restrictive in what sorts of content they allow. Many victims of trafficking would likely be pushed off the Internet entirely, as well as sex workers who weren’t being trafficked.

Winkler didn’t show much interest in the idea of targeting online intermediaries—and neither did fellow witness Derri Smith of End Slavery Tennessee. Understandably, their focus isn’t on holding Internet companies liable for user-generated content; it’s on prosecuting the traffickers themselves and getting trafficking victims out of horrific situations.

When Rep. Marsha Blackburn asked both Tennessee panelists what they need to successfully fight trafficking, neither panelist mentioned proposals like SESTA and FOSTA at all. They discussed more important measures aimed at finding and stopping traffickers and supporting survivors. Winkler referenced changes in state law “to make it more punishable for both buyers and sellers of sex acts with juveniles.”

Winkler isn’t the only person who’s tried to explain to Congress how law enforcement relies on online platforms to find and arrest sex traffickers. Numerous experts in trafficking have pointed out that the visibility of online platforms can both aid law enforcement in apprehending traffickers and provide safety to trafficking victims. Trafficking expert Alexandra Levy notes that the online platforms that FOSTA could undermine are the very platforms that law enforcement agencies rely on to fight trafficking:

While more visibility invites more business, it also increases the possibility that victims will be discovered by law enforcement, or anyone else looking for them. By extension, it also makes it more likely that the trafficker himself will be apprehended: exposure to customers necessarily means exposure to law enforcement.

Levy submitted a letter to the House Energy and Commerce Committee, Subcommittee on Communications and Technology, in advance of last week’s hearing, urging the Subcommittee not to go forward with a bill (.pdf) that would make it harder to apprehend traffickers and expose trafficking victims to more danger.

Freedom Network USA—the nation’s largest network of frontline organizations working to reduce trafficking—agrees (.pdf): “Internet sites provide a digital footprint that law enforcement can use to investigate trafficking into the sex trade, and to locate trafficking victims.”

Four months after SESTA was introduced in Congress—and with SESTA and FOSTA’s lists of cosponsors growing by the day—lawmakers continue to flock to these bills without questioning whether they provide a real solution to sex trafficking. These bills would do nothing to stop traffickers but would push marginalized voices off of the Internet, including those of trafficking victims themselves.

Take Action

Tell Congress: SESTA and FOSTA are the wrong solution

EFF Pushes For More Transparency in Patent Cases, Whether In Court or at Patent Office

Tue, 12/05/2017 - 1:40pm

In a promising step toward transparency, the Eastern District of Texas (the court that sees many of the nation’s patent cases) recently announced an amendment to its Local Rules that would require parties to file redacted versions of documents that contain confidential information. Previously, parties would file whole briefs under seal, without any public version being provided, even if only one word or line in the brief was claimed to be confidential. One of the few ways the public could protest against this improper sealing was to attempt to intervene in cases so as to require the parties and the courts to justify the sealing. But members of the public can’t possibly intervene to unseal in every case. This rule change is a step toward greater transparency.

EFF has, in recent years, worked to push back against oversealing, especially in patent cases where improper sealing is practically routine. We successfully intervened in several cases in order to provide greater transparency to the public.

For example, EFF recently successfully unsealed materials in the case of My Health v. ALR Technologies. We intervened after the parties filed numerous briefs and documents under seal relating to whether patent owner My Health (whose patent on telehealth we awarded Stupid Patent of the Month in May 2016) litigated its case in an exceptional manner. The court recently agreed to unseal a large amount of information previously withheld from the public.

EFF has also been pushing for greater transparency in the high profile patent litigation between Allergan (a branded pharmaceutical company) and generic companies who wish to make a lower cost version of the drug Restasis. The litigation took on new interest when Allergan announced it had “sold” its patents to the Saint Regis Mohawk Tribe in an attempt to shield the patents from scrutiny at the Patent Office.

Once news of the Allergan-Tribe deal became public, we watched as the parties filed briefs in the related district court case with the most relevant exhibits about the controversial deal being filed under seal, completely hidden from the public. Concerned about this level of sealing, we reached out to the parties and asked them to provide greater transparency, or at minimum, provide justification for the high level of sealing. In the end, Allergan refiled many of the papers, significantly limiting the amount of information withheld from the public.

The Eastern District of Texas’ new rule is a step in the right direction, although we believe it still falls short of what the law requires. We submitted comments regarding the new rules, applauding the positive step, but urging the court to recognize that it is the parties’ burden to show why materials should be kept from the public each and every time they submit documents to the court. The Reporters Committee for Freedom of the Press also submitted comments urging the court to do more to protect the public’s interest in court filings.

Beyond the courts, we have also been pushing for greater transparency at the Patent Office. We recently sought materials from the Patent Office related to the Allergan-Tribe deal (many of which were the same as those filed in court). In October, we sent a Freedom of Information Act (FOIA) Request to the Patent Office asking for records from the proceeding related to Allergan’s patents. There, the Tribe had asked the Patent Office to end the proceedings based on a claim of sovereign immunity. Once again, the most relevant information was filed completely under seal without any justification for withholding it from the public.

The fact that this material was under seal became particularly problematic when the Patent Office issued a call for public input as to whether sovereign immunity applied to the proceedings. The ability of members of the public to evaluate the deal and determine its nature was hampered by the fact that the public could not determine what, exactly, the deal was.

After we filed our FOIA request, the Patent Office asked the parties to explain why the materials were filed under seal and what justification there could be do withhold the information from the public. This led, again, to the materials being significantly unmasked.

In both the district court case and at the Patent Office, it is clear that parties are often sealing much more information than the law allows. It is only when challenged do they agree to reveal what should have been public in the first place. While we’re glad there has been greater transparency in the cases mentioned above, it should not take EFF (or anyone else’s) intervention before the courts and parties make public what should have been public all along.

New Orleans Police Watchdog Warns of Dangers of Expanded Surveillance

Mon, 12/04/2017 - 2:46pm

In a stern warning to the New Orleans City Council, the city’s top police watchdog has criticized a plan to expand surveillance without also expanding oversight. The Office of Independent Police Monitor (OIPM) warned that the city is on a path that may lead to abuse, racial discrimination, and fiscal waste. 

New Orleans Real Time Crime Center (Source: Nola.gov)

In November, New Orleans Mayor Mitch Landrieu announced a $5-million “Real Time Crime Monitoring Center” near the French Quarter that would allow for 24-7 monitoring of both private and government-owned CCTV cameras, automated license plate readers (ALPRS), and other advanced surveillance technology. The facility coincides with a plan to install 250 new surveillance cameras and 106 new ALPRs in 2018. 

The plan was also criticized by the Music & Culture Coalition of New Orleans [.pdf], which represents the Big Easy’s vibrant art and music scene, as “poorly conceived, reactionary, and intentionally ambiguous.” The group complained that the lack of a public process resulted in the creation of “a blueprint for unconstitutional surveillance.”

In response to community concerns, Acting Police Monitor Ursula Price wrote in a letter that the systems “have the potential to jeopardize the expensive and hard-won police reforms of the past ten years.” She notes that despite earmarking millions for expanded surveillance, the city has not proportionately increased funding for oversight and monitoring to prevent abuse. Drawing from case studies in London, Chicago, and San Francisco, and EFF’s own work in the New Orleans area, she shows that surveillance has historically violated the privacy of constituents, particularly women and communities of color. She predicts the technologies may create civil liability for the city without positively impacting public safety, especially considering the cybersecurity risks associated with large-scale storage of personal data.

OIPM recommended seven key reforms: 

  • Prohibit magnification of an individual’s face without reasonable suspicion or threat to public safety and monitor compliance.
  • Prohibit aiming the camera at an individual’s or group's activity without reasonable suspicion or threat to public safety and monitor compliance.
  • Require camera operators to adhere to the same 4th Amendment-informed NOPD [New Orleans Police Department] policies regarding reasonable suspicion and monitor compliance.
  • Prohibit pointing cameras into private homes and monitor compliance.
  • Balance the need for public information against public privacy when setting rules on dissemination and duration of image retention and monitor compliance.
  • Monitor NOPD to ensure consistent enforcement of camera policies and discipline those who violate policy.
  • Private cameras linked to the command center feeds must follow the same rules and regulations as public cameras. 

Independent and civilian oversight bodies in other cities should take a cue from New Orleans’ OIPM and, in their own communities, begin analyzing the policies governing the use of these spying technologies and investigate how law enforcement abuses surveillance.

Watchdog bodies should start with EFF’s “Law Enforcement Technology Primer for Civilian Oversight Bodies,” [.pdf] a guide developed in 2015 for the National Association of Civilian Oversight of Law Enforcement. The paper outlines the emerging civil liberties issues presented by new technologies, what questions oversight bodies should ask, and what actions can be taken to protect the public from unrestrained surveillance.

For more information on surveillance technologies used by local police department, such as ALRPs, body-worn cameras, cell-site simulators, drones, and face recognition, visit EFF’s Street-Level Surveillance project

Court Recognizes First Amendment Right to Anonymity Even After Speakers Lose Lawsuits

Mon, 12/04/2017 - 2:00pm

Anonymous online speakers may be able to keep their identities secret even after they lose lawsuits brought against them, a federal appellate court ruled last week.

The decision by the U.S. Court of Appeals for the Sixth Circuit in Signature Management Team, LLC v. John Doe is a victory for online speakers because it recognized that the First Amendment’s protections for anonymous speech do not end once a party suing the anonymous speaker prevails. Instead, the court ruled that revealing anonymous speakers’ identities has far-reaching consequences that must be weighed against opposing parties’ and the general public’s rights to learn speakers’ names once they’ve been found to have violated the law. This is good news, because many vulnerable speakers will self-censor unless they have the ability to speak anonymously and thereby avoid retaliation for their whistleblowing or unpopular views.

The ruling, however, is not all good news for anonymous speech. The test announced by the court sets unmasking as the default rule post-judgment, placing the burden on the anonymous party to argue against unmasking. Additionally, the court expanded the competing First Amendment right of access to judicial proceedings and records—which EFF strongly supports—to a novel right to learn the identity of an anonymous litigant—which we do not support.

Blogger Sued by Company for Copyright Infringement Fights to Keep His Anonymity

The case centers on an anonymous blogger (Doe) who runs the blog “Amthrax,” which is critical of multi-level marketing companies such as Amway. In 2013, the blogger posted a training manual copyrighted by Signature Management Team, another multi-level marketing company. When the company issued a takedown notice, Doe removed the work from the blog. Then Signature Management filed suit. It asked for a court order to unmask Doe and to require Doe to destroy all copies of the book and not to infringe the company’s copyright in the future.

During an early discovery phase of the case, the trial court denied Signature Management’s request to unmask Doe, ruling that the First Amendment protected his identity. Later, on the merits, the court ruled that Doe had infringed Signature Management’s copyright, but indicated that it would likely only require that Doe destroy all copies of the work. After Doe confirmed that he had done so, Signature Management once more asked the court to unmask Doe.

The trial court again denied Signature Management’s request, finding that because Doe had already deleted the infringing work, unmasking the blogger was unnecessary. Signature Management appealed to the Sixth Circuit, arguing that since Doe was found liable, he should no longer maintain his anonymity.

The Good News: Court Recognizes Right to Anonymity Extends to Speakers Who Lose Lawsuits

To EFF’s knowledge, the Sixth Circuit’s decision is the first time a federal appellate court has recognized that the First Amendment can protect speakers’ ability to remain anonymous even when they have been found liable in a civil lawsuit.

An order unmasking Doe would therefore unmask him in connection with both protected and unprotected speech and might hinder his ability to engage in anonymous speech in the future.

This is a great development for anonymous speech online. EFF has long fought for anonymous speech rights, including defending online speakers from lawsuits that are designed to intimidate, harass, or silence them rather than vindicate the plaintiffs’ legitimate legal grievances. Although the right to speak anonymously is not absolute, courts have recognized its historical importance in our democracy and its ability to foster open debate on controversial topics, particularly online.

In most anonymous speech cases, parties seek to unmask speakers at an early stage in a lawsuit. Courts have developed various tests that seek to protect anonymous speech rights and to deter frivolous lawsuits, while still allowing plaintiffs to obtain the evidence they need to pursue their claims.

It was an open question whether the right to anonymity continued after a Doe defendant was found liable for a civil claim. We filed a brief [.pdf] in this case arguing that it did, and the Sixth Circuit agreed.

The appellate court rejected Signature Management’s argument that Doe’s liability for copyright infringement extinguished his First Amendment right to anonymity. This is because his unprotected publication of Signature Management’s book was just one episode in a larger campaign of Doe’s overall anonymous speech. The court explained that although “Doe’s infringing speech is not entitled to First Amendment protection, that speech occurred in the context of anonymous blogging activities that are entitled to such protection.”

The court further reasoned: “An order unmasking Doe would therefore unmask him in connection with both protected and unprotected speech and might hinder his ability to engage in anonymous speech in the future.”

The court’s ruling gives anonymous speakers a chance to show that they should still keep their anonymity even if they’ve been found to have violated the law, laying out factors (discussed below) that courts can weigh when determining if speakers can keep their anonymity.

The Bad News: Court’s Test Places the Burden on Speakers to Maintain Their Anonymity

Unfortunately, maintaining anonymity after being found liable in a civil lawsuit is not guaranteed under the Sixth Circuit’s test. The decision sets a default (in legal jargon, a presumption) that, after being found liable, the speaker should be unmasked. It is then up to the speaker to overcome that default by showing that unmasking is not warranted.

The court’s standard is backwards. The rule—even post-judgment—should be that the First Amendment protects anonymous speakers’ rights by default, and then the party seeking to unmask them should have the burden to show why unmasking is required.

The decision provides several factors for courts to weigh, including the public’s interest in the litigation, the plaintiff’s needs to know the defendant’s identity to enforce the judgment against them, and the anonymous speakers’ ability to show that they engage in substantial protected speech that unmasking will chill. After creating the test, the Sixth Circuit sent the case back to the district court to apply it in this specific case.

The court grounded its default—that Does should be unmasked once they’ve been found liable—in another important First Amendment right: the right of the public to access judicial proceedings and records.

EFF is a strong advocate of this right, and we regularly assert it in court. But as we argued in the brief we filed in this case, that presumptive right of access can yield in narrow circumstances to other important interests, such as an individual’s right to anonymity.

The Sixth Circuit’s ruling, however, expands the First Amendment right of access beyond sealed court records or closed judicial proceedings, to include a new principle: that the public has the right to know the names of anonymous defendants once they’ve been found liable. The court ruled that “like the general presumption of open judicial records, there is also a presumption in favor of unmasking anonymous defendants when judgment has been entered for a plaintiff.”     

This is incorrect. The point of the right of public access to government proceedings and records is for the public to be able to monitor what its government is up to. To know whether judicial rulings are fair and reasonable, the public needs to be able to attend court hearings and read court filings. Irrespective of whether the identify if an anonymous litigant appears in court records, unmasking the litigant will not advance the public’s ability to monitor the actions of the court.

One risk of the Sixth Circuit’s ruling is that it might eventually be extended to create a presumption of post-judgment unmasking for anonymous plaintiffs, who can include parties alleging privacy invasions, who were victims of crime, or those seeking access to abortion or other medical care.

For now, we’re excited that the Sixth Circuit strengthened protections for anonymous speakers and we remain hopeful that our concerns about the decision won’t be realized.

EFF Staffers Jennifer Lynch and Dave Maass Receive Award for Groundbreaking Work In Providing Public Access to Police Surveillance Records

Fri, 12/01/2017 - 8:15pm

EFF Senior Staff Attorney Jennifer Lynch and Investigative Researcher Dave Maass last night received the First Amendment Coalition’s 2017 Free Speech & Open Government Award in recognition for their work bringing transparency and accountability to law enforcement’s collection and use of automated license plate reader (ALPR) data. The award was shared with Peter Bibring, director of police practices at the ACLU of Southern California.

Lynch and Bibring fought a five-year legal battle to obtain ALPR data from Los Angeles law enforcement agencies to better understand how police use records obtained by scanning the license plates and collecting location data of tens of millions of law-abiding drivers. Mounted on squad cars and telephone poles, ALPR systems indiscriminately read license plates and record the time, date, and location a particular car was encountered. These records can reveal intimate details of our private lives—where we go, who we visit, where we work and when we visit the doctor.

EFF and the ACLU of Southern California filed suit after police agencies refused to turn over the documents, saying they were investigative records, a claim that’s tantamount to saying all drivers in Los Angeles are under investigation at all times, regardless of suspicion of criminal activity. In a major victory for transparency, the California Supreme Court ruled in August that collecting license plate data isn’t targeted at any particular crime, so the records couldn’t be considered part of a police investigation and kept secret.

“This sets a precedent that mass, indiscriminate data collected by the police using any kind of surveillance technology can’t be withheld as an investigative record just because it contains, or may contain, a small amount of criminal data,” said Lynch in her acceptance speech last night. “This should have broad impact on future public records requests filed by anyone in the state.”

The EFF team also worked in the California legislature, helping to pass a bill that requires all agencies or individuals that use ALPRs to publicly post privacy and usage policies. Through public records requests and organized crowdsourcing events with EFF supporters, the team created a definitive map of ALPR policies in California. EFF has also analyzed license plate data in Oakland to show disproportionate targeting of communities of color, revealed cybersecurity vulnerabilities in license plate readers around the country, and exposed how license plate reader companies are turning police into debt collectors.

Congratulations Jen, Dave, and Peter!

Related Cases: Automated License Plate Readers- ACLU of Southern California & EFF v. LAPD & LASD

Deep Dive: DHS and CBP Nominees’ Unsatisfying Responses to Senators’ Questions on Border Device Searches

Fri, 12/01/2017 - 6:54pm

Two of President Trump’s top homeland security nominees faced tough questioning from Sens. Ron Wyden (D-OR) and Rand Paul (R-KY) about the civil liberties implications of border searches of digital devices during their confirmation processes. In this deep-dive legal analysis, we dissect the written responses of Kirstjen Nielsen and Kevin McAleenan to “questions for the record” submitted by Sens. Wyden and Paul.

Nielsen, the nominee for secretary of the U.S. Department of Homeland Security (DHS), served as chief of staff to the former DHS secretary, John Kelly. When Kelly became White House chief of staff for President Trump, Nielsen followed to become a White House aide. McAleenan, the nominee for commissioner of U.S. Customs and Border Protection (CBP), has served as acting commissioner since the beginning of the Trump administration.

Both Nielsen and McAleenan revealed that CBP is currently reviewing its 2009 policy directive on border device searches and will “revise and update it to reflect evolving and operational practices on this important and sensitive issue.” McAleenan also promised Sen. Wyden that he would make the revised policy public. We eagerly await the revised policy.

The only policy update since 2009 that CBP has publicly discussed so far is the April 2017 “muster” that directs border agents not to access cloud data during device searches, and to disable a device’s Internet access prior to searching to ensure this is the case.

Additionally, we will be interested to see whether and how the revised policy addresses two key cases that have come down since 2009: the United States Court of Appeals for the Ninth Circuit’s 2013 decision in U.S. v. Cotterman and the U.S. Supreme Court’s 2014 decision in Riley v. California.

In Cotterman, the Ninth Circuit held that the Fourth Amendment requires border agents to have reasonable suspicion before conducting a software-aided “forensic” search (as opposed to a manual search) of a digital device such as a laptop. In Riley, the Supreme Court held that cell phones are not subject to the search-incident-to-arrest exception—which permits warrantless and suspicionless searches of arrestees and items in their possession—and thus, consistent with the Fourth Amendment, police must first obtain a probable cause warrant before searching the cell phone of an arrestee. As we have extensively argued, Riley should apply at the border given the significant and unprecedented privacy interests travelers have in their cell phones, laptops, and other digital devices.

Referencing Cotterman, Sen. Wyden asked McAleenan: “If CBP has been able to protect our borders and, more broadly, U.S. national security, while following a reasonable suspicion standard in the 9th Circuit, why could the agency not also adopt the same standard elsewhere in the country?”

McAleenan responded: “CBP is actively engaged in reviewing its [2009] governing policy on the border search of electronic devices, to include setting appropriate policy limitations for these searches, particularly when forensic review is involved.”

This response is intriguing because it raises the question whether CBP is actually considering writing the Cotterman rule into its border device search policy directive, which would apply across the country and not just in the nine western states under the jurisdiction of the Ninth Circuit. Moreover, McAleenan could have argued that Cotterman has hampered CBP’s border security mission, yet his silence suggests that this has not been the case.    

Sen. Wyden asked McAleenan how many border device searches were supported by reasonable suspicion.

McAleenan responded: “CBP does not compile this specific data set.”

This is disappointing. It would be helpful to have this statistic to see how often border agents actually operate with some objective reason to believe that a traveler has violated an immigration or customs law. This would shed light on any claims by CBP that a universally applied higher standard of suspicion for border device searches would be impractical. Also, it would be instructive to know at a more granular level whether certain ports-of-entry or even specific agents conduct suspicionless searches more often than others.

Sen. Paul asked Nielsen what the maximum amount of time is that border agents may delay entry for a traveler in order to search their devices.

Nielsen didn’t answer this question, but instead reiterated CBP’s default rule that devices may be detained for not more than five days. However, while the default length of a device detention is five days, § 5.3.1 of CBP’s 2009 policy directive expressly allows for indefinite device detention if a supervisor agrees there are undefined “extenuating circumstances.” Presumably applying this nebulous standard, for the last 10 months CBP has confiscated the phone of Suhaib Allababidi, one of the plaintiffs in our lawsuit against DHS and CBP concerning border device searches and confiscations. As to Sen. Paul’s actual question, our clients suffered entry delays for several hours while agents searched their devices. One client, Jeremy Dupin, was detained for seven hours on Christmas Eve, along with his young daughter.

Sen. Wyden noted: “When meeting with my staff, CBP personnel stated that the agency does occasionally perform border searches of Americans’ electronic devices at the request of other governmental agencies.”

McAleenan responded: “[T]he use of other federal agency analytical resources, such as translation, decryption, and subject matter expertise, may be needed to assist CBP in reviewing the information contained in electronic devices or to determine the meaning, context, or value of information contained in electronic devices.”

McAleenan was referring to § 5.3.2 of CBP’s 2009 policy directive. The problem with McAleenan’s response is that he conflated border device searches at the request of other agencies, with border device searches conducted with the assistance of other agencies. He failed to address the former issue, which raises the specter of government officials evading the Fourth Amendment's warrant requirement by trying to stretch the border search doctrine—which permits warrantless and suspicionless “routine” searches—to cover investigations unrelated to the border.

We know that CBP does conduct searches for other agencies, and that those searches have nothing to do with a traveler at the border possibly violating an immigration or customs law. For example, in U.S. v. Saboonchi, Ali Saboonchi (a dual U.S. and Iran citizen) was returning to the U.S. from a vacation to Niagara Falls with his wife when border agents saw in a government database that he was the subject of a pre-existing investigation for violating the trade embargo with Iran. That investigation started with the FBI and continued with Homeland Security Investigations (HSI), a part of U.S. Immigration and Customs Enforcement (ICE). When border agents called an HSI special agent to flag that Saboonchi was at the border, she told them to detain Saboonchi’s devices to, as the district court explained, “take advantage of” the government’s authority to conduct warrantless border searches, in the hope of furthering that separate investigation—which had no nexus to Saboonchi’s border crossing.

Sen. Wyden asked McAleenan: “Have CBP personnel ever surreptitiously installed surveillance software or malware onto a traveler’s device during a border search? Alternatively, has CBP assisted another government agency in covertly installing malware onto a traveler’s electronic device?”

McAleenan responded “no” to both these questions, but limited his answer “to my knowledge.” If this is true, we welcome this assurance, as we know that this has been a significant fear of many travelers.

Sen. Wyden asked McAleenan: “I think it’s important that people know their rights, and that CBP can’t demand people assist in unlocking a device at the border. Will you commit to making sure that individuals know their rights, and your authorities, before they’re asked to provide assistance in searching a device?”

McAleenan referenced a “tear sheet” claiming that it “clearly explains and details the authority supporting the search of their electronic device.” But this document does not notify travelers that they have a right to refuse to provide their password or PIN, or otherwise provide border agents access to their digital devices. To the contrary, this document commands travelers to comply with border agents’ demands:

CONSEQUENCES OF FAILURE TO PROVIDE INFORMATION: Collection of this information is mandatory at the time that CBP or ICE seeks to copy information from the electronic device. Failure to provide information to assist CBP or ICE in the copying of information from the electronic device may result in its detention and/or seizure.

Finally, McAleenan revealed in his responses to Sen. Wyden that the number of border device searches for fiscal year 2017 (which ran from Oct. 1, 2016-Sept. 30, 2017) was 30,151. This is compared to 5,085 searches for FY 2012—reflecting a six-fold increase in the past five years.

McAleenan also revealed that of the FY 2017 border device searches, 20% (6,003) of travelers were American citizens. This is a large number of Americans whose privacy was invaded simply for traveling abroad. Moreover, this number doesn’t take into account legal permanent residents (green card holders), who also enjoy the Fourth Amendment right to privacy in their cell phones and other digital devices.

We thank Sens. Wyden and Paul for continuing to shine a light on border device searches. The more we know about this rampant invasion of digital liberty, the easier it will be to reform it.

For more information on your rights at the border, read our whitepaper: Digital Privacy at the U.S. Border: Protecting the Data On Your Devices and In the Cloud.

We also urge you to contact your members of Congress and tell them to support the Protecting Data at the Border Act (S. 823/H.R. 1899), which would require border agents to get a probable cause warrant before searching the digital devices of U.S. citizens and lawful permanent residents.

EFF Supports the Adoption of Berkeley's Surveillance Technology Use and Community Safety Ordinance

Fri, 12/01/2017 - 6:53pm

Across the nation, much of the American public remains unaware of the risks to privacy and freedom of expression posed by steadily advancing surveillance technologies. Automated license plate readers, cell-site simulators, and face recognition equipment—once confined to the imagination of science fiction authors—have all become common tools for police surveillance. Spy tech is often marketed to local law enforcement agencies with claims (often unsubstantiated) of enabling crime reduction without the need to expand police department personnel. However, the adoption of this equipment and failure to establish critical policies regarding its use presents substantial risks to privacy, as well as civil rights.

Since 2016, we’ve worked with a range of local and national partners on empowering communities to take control of surveillance equipment policy and acquisition. These coalitions have supported cities across the United States in proposing ordinances that would provide consistent transparency, accountability and oversight measures.

Two such proposals are currently under review in the San Francisco Bay Area.

Oakland’s Privacy Advisory Commission recently finalized its recommendation to the Public Safety Committee regarding Oakland’s proposed Surveillance and Community Safety Ordinance. The Privacy Advisory Commission was created as the result of Oakland residents’ rejection of the proposed expansion of the Domain Awareness Center into a citywide surveillance network. In addition to work in their own community, Oakland Privacy, whose efforts were fundamental in the creation of Oakland’s Privacy Advisory Commission, has been a leading ally in our work to support the adoption of similar bills, not only in Oakland but throughout the Bay Area.

The City of Berkeley, a neighboring community that has been the recipient of this support, is scheduled to hold a hearing on its own Surveillance Technology Use and Community Safety bill on Tuesday, December 5. With our coalition partners we submitted a letter in support of Berkeley's ordinance on November 20, asking the Berkeley City Council to recognize that, now more than ever, local leaders have a special responsibility to enact strong measures that protect vulnerable residents from suspicionless monitoring and the creation of databases exploitable for discriminatory ends.

As we write in the letter:

The Ordinance is straightforward: it requires essential transparency, accountability, and oversight for all surveillance technology proposals, and it ensures the public has the opportunity to learn about the civil rights and civil liberties impact of surveillance technologies before local officials acquire them.

EFF also has supported laws to ensure community control of police surveillance for Santa Clara County, BART, Palo Alto, and statewide.

The power to decide whether these tools are acquired, and how they are utilized, should not stand unilaterally with agency executives. Instead, elected City Council members should be empowered with the authority to consider and responsibly approve, or reject, surveillance technology. Most importantly, all residents must be provided an opportunity to comment on proposed surveillance technologies, and the policies constraining their use, before representatives decide whether to adopt them.

Net Neutrality Needs You as Much as You Need It

Fri, 12/01/2017 - 3:35pm

Net Neutrality Needs You as Much as You Need It

The battle for net neutrality is ramping into high gear, as we anticipate an FCC vote on December 14 to either confirm or reject Chairman Pai’s draft order to undermine the 2015 Open Internet Order. With the future of the Internet, its capacity to continue fostering innovation, and freedom of expression online hanging in the balance, EFF encourages Internet users to speak out--both online and in the streets--to defend net neutrality.

Remote actions

You can can help defend net neutrality, wherever you’re located. We’ve set up tools to enable users to both email and call your Members of Congress, who will have an important role to play, especially if the FCC chooses to undermine innovation and freedom of expression by allowing ISPs to discriminate among their customers.

We’ve also suggested further opportunities to raise your voice both in communications with your representatives and in public, where your voice can carry an even greater impact. Finally, EFF is part of the Battle for the Net coalition, which is hosting an online petition and promoting further actions offline.

In-person actions

After you’ve taken action online, consider participating in any of the many actions planned around the country to champion the chance for anyone to access the Internet on equal terms.

On Thursday, December 7, responding to the company’s role in undermining user rights, allies are organizing protests at dozens of Verizon stores from coast-to-coast. An interactive map includes protest sites, as well as confirmed visits to congressional offices to amplify the message that Internet users want the right to access the network on equal terms, rather than according to their ability to pay a ransom to corporate ISPs.

A week later, allies--including the Center for Media Justice, Color of Change, the National Hispanic Media Center, and Free Press--will host a rally outside the FCC in Washington on the morning of the Commission’s vote on Chairman Pai’s draft order. A separate coalition has also organized a protest the day before the vote at the same site.

Whether or not you can join actions on December 7 in a city near you, or on December 13 or 14 in Washington, you can support these events by sharing links to more information in your social media channels. Make sure your community understands what’s at stake and why net neutrality (enforced by light touch FCC regulation) matters.

Planting seeds

If you’re motivated to do more, find an allied grassroots network where you live to build the movement for digital rights beyond the current flash point surrounding the FCC’s attack on net neutrality. From net neutrality to mass surveillance, and from Congress to local city councils, digital rights are both under attack and also present profound opportunity for local groups focused on making a public case for users.

If the Electronic Frontier Alliance has not yet recruited a local group near you, consider starting one! We’re eager to invite any network of 3 or more people taking action locally to inform, inspire, and mobilize their neighbors, classmates, colleagues, or friends to join the Alliance.

With a defining cornerstone of the Internet under attack from federal regulators and corporate ISPs, there’s never been a more important time to raise your voice to defend your rights online.

House Intelligence Committee Advances a Deeply Flawed NSA Surveillance Bill

Fri, 12/01/2017 - 2:38pm

A bill to extend one of the NSA’s most powerful surveillance tools, and further peel back American civil liberties, was approved today by the House Permanent Select Committee on Intelligence in a strict party line vote (12-8), with Republican members voting in the majority.

The committee and the public had less than 48 hours to read and discuss the bill. Democratic committee members openly criticized the short timeframe, amongst other problems. 

“This bill was shared with my office less than 24 hours ago, and here we are marking up legislation that has incredibly profound constitutional implications for all Americans,” said Rep. Jackie Speier (D-CA). She continued: “We could be sitting here, thoughtfully debating the precarious balance between security and civil liberties and the best path forward, but instead, the majority has decided to do otherwise.”

The bill is the FISA Amendments Reauthorization Act of 2017, and it was introduced on the evening of November 30 by House Intelligence Committee Chairman Devin Nunes (R-CA). It is the latest legislative attempt to reauthorize Section 702, one of the NSA’s most powerful surveillance authorities that allows for the targeting and collection of communications of non-U.S. persons not living in the United States. The NSA also uses Section 702 to justify the “incidental” collection of American communications that are predictably swept up during foreign intelligence surveillance, too.

The bill has many problems that you can read about here, from potentially restarting one of the NSA’s most invasive forms of surveillance to treating constitutional rights as optional.

But instead of probing these privacy defects in the bill, much of the Friday morning hearing was dominated by heated partisan debate around a single topic that one Democratic committee member described as “political dynamite.”

That issue is “unmasking,” the process by which the identities of Americans whose communications are collected through the broader FISA law are revealed at request by government officials. The Nunes bill includes several oversight provisions for this process.

According to the committee’s Ranking Member Adam Schiff (D-CA), the issue has nothing to do with Section 702, and it has no rightful place in the Nunes bill.

Close to one hour into the disagreements, Rep.Denny Heck (D-WA) bemoaned the lost opportunity to have a conversation on the balance between national security and civil liberties.

“I’m voting no because I believe that this bill sets up a false choice between whether or not we can be secure, or whether or not we can protect our rights to privacy, especially under the Fourth Amendment,” Rep. Heck said. “Benjamin Franklin famously quipped, and I’m amazed that he has not yet been quoted today, that those who would trade privacy for security deserve neither.”

Rep. Heck continued: “I find that the weight of this bill trades off privacy for security, and I believe that is a false choice because I believe we can have both.”

We agree. The Nunes bill threatens the privacy of American communications and potentially opens up U.S. persons to an invasive type of NSA surveillance that the agency voluntarily ended this year.

The Nunes bill goes backward. Surveillance reform must move forward.