EFF: Updates

Subscribe to EFF: Updates feed
EFF's Deeplinks Blog: Noteworthy news from around the internet
Updated: 1 hour 49 min ago

Stupid Patent of the Month: Motivational Health Messaging LLC Gets a Patent on Sending Uplifting Texts

Thu, 12/21/2017 - 6:28pm

Have you ever sent a motivational text to a friend? If you have, perhaps you tailored your message to an activity or location by saying “Good luck in the race!” or “Have fun in New York!” Now, imagine doing this automatically with a compuuuter. What a great invention. Actually, no. That’s not a good invention, it’s our latest Stupid Patent of the Month.

U.S. Patent No. 9,069,648 is titled “Systems and methods for delivering activity based suggestive (ABS) messages.” The patent describes sending “motivational messages,” based “on the current or anticipated activity of the user,” to a “personal electronic device.” The patent provides examples such as sending the message “don't give up” when the user is running up a hill. The examples aren’t limited to health or exercise. For example, the patent suggests sending messages like “do not fear” and “God is with you” when a “user enters a dangerous neighborhood.”

The patent’s description of its invention is filled with silly, non-standard acronyms like ABS for “activity based suggestive” messages or EBIF for “electronic based intelligence function.” These silly acronyms create an illusion of complexity where plain, descriptive language would reveal the mundane nature of the supposed invention. For example, what the patent grandly calls EBIF appears to be nothing more than standard computer processing.

The ’648 patent is owned by Motivational Health Messaging LLC. While this may be a new company, at least one of  the people behind it has been involved in massive patent trolling campaigns before. And the two named inventors have both been inventors on patents that trolls have asserted hundreds of times. One is also an inventor listed on patents asserted by infamous patent troll Shipping and Transit LLC. The other named inventor is the inventor on the patents asserted by Electronic Communication Technologies LLC. Those two entities (with their predecessors) brought over 700 lawsuits, many against very small businesses. In other words, the ’648 patent has been issued to Troll Co. at 1 Troll Street, Troll Town, Trollida USA.

We believe that the claims of the ’648 patent are clearly invalid under the Supreme Court’s decision in Alice v. CLS Bank, which held abstract ideas do not become eligible for a patent merely because they are implemented in conventional computer technology. Indeed, the patent repeatedly emphasizes that the claimed methods are not tied to any particular hardware or software. For example, it states:

The software and software logic described in this document … which comprises an ordered listing of executable instructions for implementing logical functions, can be embodied in any non-transitory computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions.

The ’648 patent issued on June 30, 2015, a full year after the Supreme Court’s Alice ruling. Despite this, the patent examiner never even discussed the decision. If Alice is to mean anything at all, it has to be applied to an application like this one.

In our view, if Motivational Health Messaging asserts its patent in court, any defendant that fought back should prevail under Alice. Indeed, we would hope that the court would strongly consider awarding attorney’s fees to the defendant in such a case. Shipping & Transit has now had two fee awards made against it for asserting patents that are clearly invalid under Alice. And the Federal Circuit recently held that fee awards can be appropriate when patent owners make objectively unreasonable argument concerning Alice.

In addition to the problems under Alice, we believe the claims of the ’648 patent should have been rejected as obvious. When the application was filed in 2012, there was nothing new about sending motivational messages or automatically tailoring messages to things like location. In one proposed embodiment, the patent suggests that a “user walking to a hole may be delivered ABS messages, including reminders or instructions on how to play a particular hole.” But golf apps were already doing this. The Patent Office didn’t consider any real-world mobile phone applications when reviewing the application.

If you want to look for prior art yourself, Unified Patents is running a crowdsourcing contest to find the best prior art to invalidate the ’648 patent. Aside from the warm feelings that come from fighting patent trolls, there is a $2000 prize pool.

Despite the weakness of its patent, Motivational Health Messaging LLC might still send out demand letters. If you receive such a letter, you can contact EFF and we can help you find counsel.

We have long complained that the Patent Office promotes patent trolling by granting obvious and/or abstract software patents. The history of the ’648 patent shows how the Patent Office’s failure to properly review applications leads to bad patents falling into the hands of trolls.

Diego Gómez Is Safe, but Threats to Curiosity Still Abound

Thu, 12/21/2017 - 6:05pm
Threat of Imprisonment for Colombian Scientist Demonstrates the Far-Reaching Implications of Copyright Policy

In 2011, Colombian graduate student Diego Gómez did something that hundreds of people do every day: he shared another student’s Master’s thesis with colleagues over the Internet. He didn’t know that that simple, common act could put him in prison for years on a charge of criminal copyright infringement.

After a very long ordeal, we can breathe a sigh of relief: a Colombian appeals court has affirmed the lower court’s acquittal of Diego.

How did we get to the point where a student can go to prison for eight years for sharing a paper on the Internet?

Diego’s case is a reminder of the dangers of overly restrictive copyright laws. While Diego is finally in the clear, extreme criminal penalties for copyright infringement continue to chill research, innovation, and creativity all over the world, especially in countries that don’t have broad exemptions and limitations to copyright, or the same protections for fair use that we have in the United States.

In another sense, though, the case is a sad indictment of copyright law and policy decisions in the U.S. Diego’s story is a reminder of the far-reaching, worldwide implications of the United States government’s copyright law and policy. We failed Diego.

How did we get to the point where a student can go to prison for eight years for sharing a paper on the Internet? The answer is pretty simple: Colombia has severe copyright penalties because the United States told its government to introduce them. The law Diego was tried under came with a sentencing requirement that was set in order to comply with a trade agreement with the U.S.

International trade agreements are almost never good news for people who think that copyright’s scope and duration should be limited. By establishing minimum requirements that all countries must meet in protecting copyrighted works, they effectively create a floor for copyright law. It’s easy for signing countries to enact more restrictive laws than the agreement prescribes, but difficult to create less restrictive law.

Those agreements almost never carry requirements that participating nations honor limitations on copyright like fair use or fair dealing rights. Just this week, a coalition of 25 conservative groups sent a letter to the U.S. Trade Representative (USTR) arguing against the inclusion of any provision in the North American Free Trade Agreement (NAFTA) that would require countries to include balanced copyright limitations and exceptions such as fair use, as EFF and other groups have suggested. Countries like Colombia essentially get the worst of both worlds: strong protection for large rights-holders and weak protection for their citizens’ rights.

As we’ve pointed out before, it’s depressing that someone can risk prison time for sharing academic research anywhere in the world. If open access were the standard for scientific research, Diego would not have gotten in trouble at all. And once again, it’s the actions of countries like the United States that are to blame. The U.S. government is one of the largest funders of scientific research in the world. If the United States were to adopt a gold open access standard for all of the research it funds—that is, if it required that research outputs be made available to the public immediately upon publication, with no embargo period—then academic publishers would be forced to adapt immediately, essentially setting open access as the worldwide default.

EFF is delighted that Diego can rest easy and focus on his research, but unfortunately, the global conditions exist to put researchers all over the world in similar situations. No one should face years in prison for the act of sharing academic research. Making the changes in law and policy to prevent stories like Diego’s from happening again is a goal we should all share.

Efforts to Expand NSA Spying Trip Up

Wed, 12/20/2017 - 6:01pm

Since last night, the debate over how to reauthorize certain NSA surveillance authorities has seen a whirlwind of activity, culminating in the major news that the House Rules Committee postponed a vote today to potentially expand NSA spying powers.

As we wrote yesterday:

"According to reports published Tuesday evening by Politico, a group of surveillance hawks  in the House of Representatives is trying to ram through a bill that would extend mass surveillance by the National Security Agency. We expect a vote to happen on the House floor as early as [December 20], which means there are only a few hours to rally opposition.  

The backers of this bill are attempting to rush a vote on a bill that we’ve criticized for failing to secure Americans’ privacy. If this bill passes, we will miss the opportunity to prevent the FBI from searching through NSA databases for American communications without a warrant. Worse, nothing will be done to rein in the massive, unconstitutional surveillance of the NSA on Americans or innocent technology users worldwide."

With the House Rules Committee's postponed vote, this crisis is currently avoided. But the fight isn’t over.

We do not know the exact steps House Permanent Select Committee on Intelligence Chairman Devin Nunes, who authored the bill (H.R. 4478), will take this week. We do not know if other bills to reauthorize Section 702, originally enacted as part of the FISA Amendments Act—the NSA’s powerful surveillance authority scheduled to sunset in less than two weeks—will be introduced for a House floor vote.

But we do know that our voices are being heard. And we still know that we stand against attempts to expand NSA surveillance by hitching it to separate efforts to fund the government, a strategy that some members of Congress have considered.

As we wrote previously:

"[It] is completely unacceptable for Congressional leadership to shove Section 702 reauthorization into an end-of-year funding bill. This program invades the privacy of an untold number of Americans. Before it can be reauthorized, Congress must undertake a transparent and deliberative process to consider the impact
this NSA surveillance has on Americans’ privacy."

You can speak up. Call your representatives and let them know that it is unacceptable to attach H.R. 4478—or S. 2010—to any year-end spending bills. Attempts to sneak expanded NSA surveillance powers into entirely separate legislation are attempts to rob surveillance reform of its own needed debate. This hurts the American people and it removes the opportunity for open, transparent discussion.

Call today. Your efforts are working.

Call Now

Call Your Representatives

Is Multi-Stakeholder Internet Governance Dying?

Wed, 12/20/2017 - 5:00pm

Over the last three months of 2017, EFF has been representing the interests of Internet users and innovators at three very different global Internet governance meetings; ICANN, the Global Conference on Cyberspace (GCCS), and this week in Geneva, the global Internet Governance Forum (IGF). All of these to some extent or other are held out as representing a so-called multi-stakeholder model of Internet governance. Yet in practice there are such vast differences between them—with the GCCS being mostly government-organized, ICANN being mostly privately-organized, and the IGF falling somewhere in between—that it’s difficult to see what this multi-stakeholder model really represents.

This is one reason why EFF has generally eschewed promoting a particular model of governance by name, but rather has emphasized how fair processes with the characteristics of inclusion, balance, and accountability, can lead to better outcomes. Last month UNESCO issued a report [PDF] with a more detailed list of its own criteria of multi-stakeholder governance processes, according to which such processes should be inclusive, diverse, collaborative, transparent, flexible and relevant, private and safe, and accountable. The use of criteria such as these, rather than merely the application of the buzzword “multi-stakeholder”, enables us to critique how particular global meetings fall short in effectively involving users in the development of policies that impact them.

ICANN’s Multi-Stakeholder Model

For example, although ICANN is the organization with the least degree of control by governments, does that make it the most effective at protecting users’ rights? Not necessarily, because of the way in which its work is organized. As the Association for Progressive Communications (APC) has put it in their briefing on this year’s IGF meeting, “being influential in ICANN requires a degree of effort and consistency which is difficult to sustain.” Consequently, there is a strong tendency for ICANN working groups to be stacked with private sector stakeholders such as lawyers for intellectual property rights holders and the domain name industry, who are able to dominate discussions, to obstruct attempts at compromise, and to push for one-sided outcomes, such as the right for a single company to control a generic word domain.

As a result, ICANN, although notionally multi-stakeholder, in practice fails to fulfil the criterion of balance. Its processes do not place a priority on the facilitation of understanding and consensus between warring stakeholder groups, and this feeds politicking and strategic behavior. Even many industry stakeholders acknowledge this shortcoming; for example Jonathan Matkowsky, who works for a digital threat management company, said in an ICANN mailing list post recently, “It's very sad to see the open Internet breaking down as a result of the multistakeholder process failing to work.”

The Multi-Stakeholder IGF Under Threat

The IGF falls short in different ways. One of these is the criterion of accountability. Management of the IGF is heavily dependent upon the office of the United Nations Secretary-General, which appoints the IGF's Multistakeholder Advisory Group (MAG) in an opaque, top-down process, resulting in a top-heavy group dominated by government and industry. Originally, records of MAG deliberations were kept secret, although meeting minutes and mailing list archives have since been opened to the public.

Another way in which the IGF falls short is in failing to provide a clear pathway for the discussions that occur there to feed into the work that its stakeholders do elsewhere, such as the development of laws and regulations by governments, the development of of terms of service and policies by companies, and the design of software, standards, and tech by coders and hackers. This isn’t a separate criterion in EFF’s model of fair processes, but it is represented in the closing paragraph of our infographic on this topic, which we explain by saying “there is no point in inviting affected communities to help develop policies for the Internet if their recommendations are ignored”.

For example, although the IGF’s grassroots-organized Dynamic Coalitions can and do produce recommendations, such as the resolution on transparency in trade that the Dynamic Coalition on Trade and the Internet issued this week, the IGF itself has never done so, despite a paragraph in its mandate that requires it to be able to make recommendations, where appropriate. This is one factor has led many stakeholders, particularly from government and business, to abandon the IGF for alternative fora, and has made it difficult for the IGF to raise funds. It has even made it difficult for the IGF to find countries willing to host its meetings; in an unprecedented failure, the IGF Secretariat has yet to secure a host for its 2018 meeting, and was only able to hold a meeting in 2017 by hosting it at the UN office in Geneva.

What is Replacing the Multi-Stakeholder Model?

Why, you might ask, does it matter if a fairly obscure, 12 year old Internet governance forum loses support and goes away? Well, that really depends on where the IGF’s participants go instead. If this means that governments and business flock to less inclusive institutions such as the International Telecommunications Union (ITU) to develop rules and policies for the Internet, that could end up being profoundly dangerous for users.

More or less, that seems to be what is happening, as governments are increasingly bypassing civil society and concluding agreements directly with companies. The increasing treatment of Internet public policy issues in closed, opaque trade negotiations at regional levels and at the World Trade Organization (WTO) is one example of this. There are also governments pushing at the Working Group on Enhanced Cooperation of the Commission on Science and Technology for Development (CSTD) for the establishment of a new, government-led multilateral mechanism for the oversight of Internet-related public policy development.

In November the Council of Europe concluded agreements with large tech companies and associations on human rights, democracy, and the rule of law. The Secretary-General of the Council of Europe Thorbjørn Jagland said in his speech at the ceremonial signing, “it is the first time the Council of Europe is also giving a formal, institutional role to the private sector, one which is open-ended allowing other companies and representative associations to join in the future.” The text of this agreement is not publicly available—at least, EFF requested a copy of it from multiple parties, and was told a month ago by the Council of Europe, “we’ll look into it”.

China’s Alibaba, now the world’s largest retailer, is also taking a larger role in global Internet governance, partnering directly with governments, but leaving civil society in the cold. It recently launched a pilot Digital Free Trade Zone as a a public-private partnership with the Malaysian government, and its CEO Jack Ma was also at last month’s WTO ministerial meeting in Argentina to announce a partnership with the WTO to create an Electronic World Trade Platform (eWTP).

True Believers in Multi-Stakeholder Models

That’s why there is merit in continuing to strive for the development and improvement of truly inclusive, balanced, and accountable global fora for the discussion of Internet policy issues, rather than allowing governmental and industry-only fora to dominate. This might mean a reinvigorated and improved IGF, or it might mean something new.

Microsoft has proposed this year that there should be a new Digital Geneva Convention on cybersecurity, and during this year’s IGF it gave further details of how it sees the initial draft of this document emerging from a multi-stakeholder dialog, although it would be finalized by governments in the same manner as a conventional international treaty. The proposal has received a mixed reception here in Geneva.

The Internet Society is incubating a project that aims to bring the multi-stakeholder model to the development of other policy issues, in an outcome-oriented fashion that has eluded the IGF to date. The project, which was approved as a pilot by the board of the Internet Society in November, aims to undertake three key activities:

  • Convening stakeholders to solve concrete problems and develop norms on a consensus basis,
  • Training stakeholders on how to be effective in multistakeholder discussions, and
  • Building and promoting academic research and writing on the multistakeholder approach.

Meanwhile a French civic enterprise called Missions Publiques is promoting its proposal for a Global Citizens Debate on the future of the Internet to be piloted across the world during 2018. The project would involve ordinary citizens coming together to actively deliberate on a concrete policy issue, the results of which could then feed back to policy makers at the IGF and other venues. The project is currently seeking support from governmental, private sector and civil society partners.

For our part, we are chairing a group that is developing an option paper for the IGF’s own Multi-year Strategic Work Plan Working Group, to investigate whether there are any such multi-stakeholder processes that the IGF itself could use, possibly incorporating one or more of the above external initiatives or partners, to improve its own ability to generate useful and actionable policy recommendations, while avoiding the problems of capture that have beset ICANN, or the democratic deficits of intergovernmental text negotiations.

The important thing is not whether a particular global policy forum such as the IGF lives or dies. None of the existing Internet governance forums is perfect, or close to it. But such fora will always be part of the global governance ecosystem, and whether they are inclusive, balanced, and accountable matters. The flaws of particular self-identified multi-stakeholder fora should be identified and addressed, using user-focused criteria such as those developed by EFF and UNESCO. And we should also remain open to the idea that new innovations in global governance could emerge that would fulfil these criteria better than existing processes and institutions do.

Urgent: We Only Have Hours Left to Stop the NSA Expansion Bill

Tue, 12/19/2017 - 10:54pm

According to reports published Tuesday evening by Politico, a group of surveillance hawks  in the House of Representatives is trying to ram through a bill that would extend mass surveillance by the National Security Agency. We expect a vote to happen on the House floor as early as tomorrow, which means there are only a few hours to rally opposition.  

The backers of this bill are attempting to rush a vote on a bill that we’ve criticized for failing to secure Americans’ privacy. If this bill passes,we will miss the opportunity to prevent the FBI from searching through NSA databases for American communications without a warrant. Worse, nothing will be done to rein in the massive, unconstitutional surveillance of the NSA on Americans or innocent technology users worldwide.

As we wrote, the bill, originally introduced by Chairman Devin Nunes before the House Permanent Select Committee on Intelligence, “allows warrantless search of American communications, expands how collected data can be used, and treats constitutional protections as voluntary.”

The bill would  create an easy path for the NSA to restart an invasive type of surveillance (called "about" searches) that the agency voluntarily ended earlier this year because of criticisms from the FISA court. It would also give FBI agents the power to decide whether or not to seek a warrant to read American communications collected under Section 702.

Backers of this bill are rushing because they know that time is on our side. If we can rally enough voices of opposition, we can delay or defeat this vote, sending a powerful message to Congress. Every day can make a huge difference in this fight because Section 702, originally enacted as part of the FISA Amendments Act—the legal authority the NSA relies on to engage in this mass surveillance—expires in 12 days.

The vote on this is likely to happen today, so there’s no time to make phone calls or send emails. We are asking people to use social media to contact their representatives. We’ve set up a tool to help you tweet at your member of Congress. We also encourage you to find other social media accounts for your representatives (such as an official Facebook account) and post a comment there. 

Tweet Now

Tweet at Congress

How to Talk to Your Family About Digital Security

Tue, 12/19/2017 - 9:23pm

You and your family are sipping hot cocoa, gathered around the [holiday object of your choice], and your family member suddenly asks: “Can you help me with my [insert device here]?”

They need a question answered about their computer, phone, tablet, video game console, or internet-connected device. Maybe they have related questions about their online accounts.

Or maybe there is a teenager or college student in your family that posts intensely personal information online, and has just realized that they should probably maintain more privacy in their online lives—but isn’t sure how to start.

Or perhaps the conversation of data breaches comes up around the dinner table, and Uncle Navid insists that the only way to protect yourself is to never go online at all.

Congratulations, you are now responsible for threat modeling for the holidays!

This is a good time to take a step back, consider some common concerns and threat models, and talk to your family about digital security. Congratulations, you are now responsible for threat modeling for the holidays!

Before you begin, try to take a harm reduction approach to answering their problems. Take a moment to think about what devices and operating systems they use, what workflows they already have in place, and what kind of advice might they be receptive to.

Then, you can start to narrow down on their concerns. A good way to start is by asking: “What would you like to do, and what are you worried about?”

Threat Modeling for the Holidays
  • Does your family member already have a strong password protecting their encrypted device? Are they interested in bolstering their security further? Determine what their next steps might be. What do they already know? Do they know what they don’t know? Help them level up!

    • Is your family member applying to schools or applying for jobs? Are they worried about prospective administrators and employers finding their social media accounts? Show them how to lock down their social media account settings!

    • Are your friends eager to get the holiday shopping deals, but are they annoyed by being tracked across their purchases? Show them how to install Privacy Badger.

    • Does your family member send sensitive information, like social security numbers or medical information, through text messages? Are they worried about someone accessing this information? Show them how to use an end-to-end encrypted chat app, like Signal.

    As you are teaching your friends and family, you might encounter one of the following attitudes:

    “I have nothing to hide, so why do I need to protect privacy?”

    “I am worried about my digital security to the point of being overwhelmed. I don’t know where to start.”

    “I’m ready to take action, but not until I have a perfect handle on how all of these technical concepts fit together.”

    “There’s no such thing as perfect security, so why even bother? If someone wants to hack me, they’ll figure out a way to do it.”

    If you’re struggling with keeping them motivated to learn, try out some of these ideas.

    Help your friends and family move into the new year with added security. Let us know how these lessons go by submitting feedback to the Security Education Companion, and by using the hashtags #TheSafestConversationYoullHaveThisHoliday or #BadgerYourFamily.

    Stop the Newest Border Screening Bill

    Tue, 12/19/2017 - 3:58pm

    Biometric screening, surveillance drones, social media snooping, license plate readers—all this and more would be required by new federal legislation to expand high-tech spying on U.S. citizens and immigrants alike at and near the U.S. border.

    Sen. Charles Grassley (R-IA) introduced “the SECURE Act” (S. 2192) on December 5. It borrows liberally from two other federal bills—H.R. 3548 and S. 1757—that EFF opposed earlier this year. Those bills were respectively introduced by Rep. Michael McCaul (R-TX) in the House of Representatives and Sen. John Coryn (R-TX) in the Senate.

    Sen. Coryn’s bill, called the Building America’s Trust Act, raises concerns about digital rights, many of which are likely to be ongoing issues in Sen. Grassley’s SECURE Act.

    Sen. Coryn’s bill would require that the Department of Homeland Security:

    • Collect biometric information from all people who exit the U.S., including U.S. and foreign citizens.
    • Collect DNA and other biometric information from “any individual filing an application, petition, or other request for immigration benefit or status.”
    • Share biometric information about immigrants with the FBI, Defense Department, and State Department.
    • Review social media accounts of visa applicants from “high-risk countries.”
    • Deploy drones at the U.S. border.

    As we stated in our opposition letter then:

    “Any new statutory authority given to the government to ensure border security must be carefully balanced to ensure that it does not overreach and violate the privacy of the people it intends to protect. In EFF’s view, this bill does not achieve that balance. Instead, it expands biometric and other high-tech surveillance of U.S. citizens and foreign visitors at and near the U.S. border without regard to essential civil liberties.”

    EFF worries that these same issues are at stake in Sen. Grassley’s SECURE Act. And we recently joined a group letter against the SECURE Act, for the additional reason that it will reduce public scrutiny of high-tech surveillance at the border.

    The Department of Homeland Security’s current practices for screening immigrants and U.S. citizens needs severe curtailing, not expansion.

    Resolution on Transparency of Trade Negotiations Endorsed at U.N. Internet Governance Forum Meeting

    Tue, 12/19/2017 - 7:49am

    All this week, EFF is at the 12th annual meeting of the global Internet Governance Forum (IGF) in Geneva. Last year we co-organized the first ever main session of the IGF on trade and the Internet, recognizing how trade negotiations are incorporating an increasing number of Internet-related issues, many of which—such as copyright, domain name dispute resolution, and spam control—are already being dealt with in more transparent and inclusive fora.

    One of the key outcomes of that main session was the formation of a new IGF Dynamic Coalition on Trade and the Internet. This self-organized working group, currently led by EFF, carries on its work throughout the year, and reports back to the IGF annually. Although the Dynamic Coalition is new and its outputs do not have a formal status, its influence is already growing. For example, last month, the Dynamic Coalition was name-checked in the European Parliament’s new report on its digital trade policy.

    A further milestone for the Dynamic Coalition took place today at its inaugural face-to-face meeting, where a resolution on transparency, that had been drafted online by the group’s members during the year, was endorsed by participants at the meeting by rough consensus. The resolution includes the following recommendations:

    • Countries should publish their own textual proposals on rules in ongoing international trade negotiations at the same time as these proposals are presented to their negotiating partners.
    • Countries engaged in trade negotiations should agree to publish consolidated texts after each round of ongoing negotiations.
    • Trade ministries should act transparently by publishing records of their meetings with stakeholders, and should be overseen by an independent transparency officer, subject to statutory confidentiality and non-disclosure standards.
    • Domestic consultations on textual proposals should be opened up to the public through on-the-record notice and comment, and public hearing processes at relevant points during the development of textual proposals.
    • Countries should make trade advisory bodies more balanced by taking proactive steps to include more diverse legitimate stakeholders such as representatives of Internet users, and organisations working in the areas of human rights, development, media, and consumer issues.

    Not entirely by coincidence, these recommendations are similar to those that EFF and other groups and experts delivered to the United States Trade Representative in January this year, which were in turn influenced by the previous year’s Brussels Declaration on Trade and the Internet.

    But whereas those documents were developed by a small, self-selected group of experts, the IGF Dynamic Coalition is a completely open, multi-stakeholder group that includes members from civil society, industry, government, the Internet technical community, and international organizations. This gives its recommendations even more weight, and lays down a challenge to international organizations such as the World Trade Organization (WTO), and to ongoing plurilateral trade negotiations such as the North American Free Trade Agreement (NAFTA), Comprehensive Progressive Trans-Pacific Partnership (CPTPP), and Regional Comprehensive Economic Partnership (RCEP), to meet these emerging global best practice standards.

    Digital Trade at the WTO

    The Dynamic Coalition meeting was not the only session held on digital trade at this year’s IGF. A recurring theme in the other sessions has been the future of digital trade discussions at the World Trade Organization (WTO).

    At the recently concluded WTO Ministerial Conference in Buenos Aires more than 70 WTO members agreed to launch a new working group aimed at establishing international rules to govern digital trade. The push for crafting rules on digital trade outside of the WTO's negotiating stream is largely driven by the divide amongst member nations on how to regulate digital trade. While some countries including the U.S., the European Union countries, and Australia want digital trade to be addressed by the WTO, India and others are opposing the introduction of binding rules on this topic.

    On Monday, Public Citizen, the South Centre, and the Third World Network held a panel exploring this controversy. The panel highlighted the divide between developed and developing nations on issues such as data localization, cross-border data flows, transfer of technology, and privacy. Panellists also focused on the decreasing relevance of the WTO and the global multilateral trade system as countries move towards one-on-one negotiations. Overall, the panelists were pessimistic about the prospects of WTO members making fair and balanced digital trade rules.

    Marking a contrast with this were two Tuesday sessions organized by UNCTAD and the World Economic Forum (WEF), in which it was broadly accepted that it was inevitable that governments would make digital trade rules, and that we should try to find a way for this to be done in a way that safeguards rather than threatens the free and open Internet. The WEF workshop proposed a multi-track approach including the use of non-binding intergovernmental processes at institutions like the G7 and G20, and non-binding multistakeholder processes, to support and strengthen existing digital trade negotiations.

    But even under this multi-track approach, negotiations should still be made more open and transparent, as the Dynamic Coalition has recommended. WEF panelist William Drake stated that nation states should “Craft digital trade norms in a more transparent and participatory manner”, and “increase the participation of Internet users and other relevant stakeholders in national trade consultation processes”.

    The broad acceptance of the need for reform of the transparency and inclusivity of trade negotiations, amongst both the strongest proponents of digital trade agreements and their most staunch critics, is a sign that this is an idea whose time has come. We will be using the IGF Dynamic Coalition's resolution on transparency in our engagement with policymakers both at the global and regional level, until finally the legacy of closed, exclusionary trade agreements to write rules for the Internet is a forgotten relic of the past.

    EFF Asks Copyright Office to Improve Exemptions to the Digital Millennium Copyright Act

    Mon, 12/18/2017 - 5:57pm

    Washington, D.C.—The Electronic Frontier Foundation (EFF) asked the Librarian of Congress today to limit the legal barriers people face when they want to repair and modify software-enabled products, so that they—not manufacturers— control the appliances, computers, toys, vehicles, and other products they own.

    In comments filed in Washington D.C. today, EFF continued its years-long fight to enable owners and creators to repair, modify, and enhance products, or use snippets of films or songs, free of onerous threats that doing so somehow infringes companies' copyrights. Software-enabled devices and Internet-connected products and appliances are ubiquitous in modern life, and people aren't infringing anyone's copyright when, for example, they choose to permanently disable the embedded, on-all-the-time camera or microphone in their kids' toys, or send their car to their favorite mechanic, rather than high-priced dealerships, to be repaired.

    “It’s absurd that a law intended to protect copyrighted works is misused instead to prevent people from taking apart or modifying the things they own, inhibit scientists and researches from investigating safety features or security enhancements, and block artists and educators from using snippets of film in noncommercial ways," said EFF Legal Director Corynne McSherry. "The exemption process is one highly flawed way of alleviating that burden."

    “We rely on the devices in our lives to learn and communicate, to keep us safe and get things done,” said EFF Staff Attorney Kit Walsh. “These devices should work for us and embody our preferences, not the commercial desires of their manufacturers. We, the users of these devices, should be able to decide how they affect our  lives and how we can improve and adapt them. That’s how we ensure that technology enhances our freedoms rather than undermining them.”

    This year EFF petitioned the Librarian to exempt from Section 1201 of the Digital Millennium Copyright Act (DMCA) all modifications and repairs of software-enabled devices that don’t infringe copyrights. It’s also seeking exemptions that will allow people to tinker with smart speakers and digital home assistants such as Amazon Echo and Google Home. EFF is also seeking one clear, easier-to-use exemption for video excerpts that would allow educators, libraries, documentary filmmakers, remix artists, and others to use video snippets without fear of legal repercussions by copyright owners. The Librarian implements the exemption recommendations of the Copyright Office.

    “Our approach is simple: we are seeking to expand the types of activities that should be exempt from Section 1201 of the DMCA to encompass repairs, modifications, enhancements, and innovations that don’t infringe copyright,” said EFF Senior Staff Attorney Mitch Stoltz. “We shouldn’t have to seek exemptions for things copyright law already allows. Instead, there should be a general rule that allows people to circumvent digital locks to do any non-infringing activity.”

    For EFF’s comments:

    For more on the Section 1201 exemption process:

    For more on the unintended consequences of Section 1201 of the DMCA:


    Contact:  CorynneMcSherryLegal Directorcorynne@eff.org KitWalshStaff Attorneykit@eff.org MitchStoltzSenior Staff Attorneymitch@eff.org

    Senator Calls on Courts to Increase Transparency of Surveillance Orders

    Fri, 12/15/2017 - 4:13pm

    Federal courts must end the excessive secrecy surrounding law enforcement surveillance orders, a U.S. Senator urged in a letter on Friday. This secrecy block’s the public’s ability to fully understand how police conduct this surveillance, the lawmaker wrote.

    The letter, sent by Sen. Ron Wyden (D-Or), asks federal courts to enact several important reforms, including establishing uniform procedures for publicizing basic information about when and how often law enforcement seeks information about our communications and other data held by services such as cell phone companies, Internet service providers, and online platforms.

    The information law enforcement can obtain with these orders can often provide considerable insight into people’s private lives, including with whom they communicate, whether they have particular medical conditions, or specific locations they have traveled to over a period of time. Although courts generally require police to obtain a warrant before they obtain the contents of people’s communications, law enforcement can obtain a wealth of other information without a warrant.

    The lawmakers’ call for widespread reforms is a welcome development, as too often federal courts across the country keep these records under seal, including even basic docketing information that would only reveal the bare fact that the government applied for a court order to conduct surveillance. This has the effect of making the surveillance largely invisible to the public, journalists, researchers, and academics.

    Beyond calling for better aggregated reporting on these requests, the letter, addressed to the administrative body that oversees all federal courts, also calls on courts to begin to create public versions of their surveillance order dockets. The proposal would give the public access while preserving the secrecy around underlying orders, including the name of the individual and the service provider, when necessary. The letter also calls on courts to limit how long any particular case can be sealed to 180 days to prevent the files from becoming indefinitely sealed and falling down a memory hole.

    “The courts must embrace serious transparency reforms so that Congress and the American people have the appropriate information in order to conduct effective oversight of surveillance programs and understand the scale of government surveillance,” the letter states.

    EFF has long been concerned with the secrecy that surrounds these types of law enforcement information demands. Surveillance does not always lead to criminal prosecutions or other public proceedings, so secrecy at the initial stages may become permanent. This secrecy not only prevents basic reporting about the volume of these types of demands, it also hides any potential abuse of these powers by law enforcement. And as others have noted, the fact that these cases are sealed prevents any meaningful review of whether the surveillance powers are constitutional.

    This is why EFF has fought back against such secrecy, including recently filing a case on behalf of The Stranger in Seattle to unseal federal court records in Washington State.

    EFF thanks Sen. Wyden for his leadership, and we hope that federal courts embrace the letter’s proposals so that the public can finally get a clear picture of the type of surveillance being authorized by those courts.

    Related Cases: The Stranger Unsealing

    Team Internet Is Far From Done: What’s Next For Net Neutrality and How You Can Help

    Fri, 12/15/2017 - 3:28pm

    Defying the facts, the law, and the will of millions of Americans, the Federal Communications Commission has voted to repeal net neutrality protections. It’s difficult to understate how radical the FCC’s decision was.

    The Internet has operated under formal and informal net neutrality principles for years. For the first time, the FCC has not only abdicated its role in enforcing those principles, it has rejected them altogether.

    Here’s the good news: the fight is far from over, and Team Internet has plenty of paths forward.

    Defending Net Neutrality in Congress

    It’s not too late to stop the FCC’s rule change from going into effect. Poll after poll show that Americans overwhelmingly support net neutrality, and Congress has already been inundated with calls for them to take action. We need to keep up the pressure, and we will.

    Under the Congressional Review Act (CRA), Congress can reverse a change in a federal regulation by a simple majority vote within 60 working days after that regulation is published in the official record. In other words, Congress can vote to overturn Pai’s rule change and bring back the Open Internet Order.

    There are already members of Congress promoting compromised net neutrality bills that won’t give us all of the protections we need. Congress has a cleaner, faster path to real net neutrality: simply restore the 2015 Open Internet Order.

    Technically, Congress can’t invoke the CRA until the final rule change is published in the Federal Register, which will take several weeks. Between now and then, we will be watching Congress closely to see which members make public commitments to use the CRA to restore the Order.

    Defending Net Neutrality in Court

    While the CRA process moves forward, the FCC will be facing multiple legal challenges. Public interest groups, state attorneys general, and members of Congress are already getting ready to go to court. The FCC is required to listen to the public in its rulemaking processes and show clear evidence for its decisions. The Commission did neither in its decision to roll back the Open Internet Order. Among other things, it ignored the technical evidence EFF and others submitted showing why the 2015 Order made sense given 21st century Internet realities, in favor of self-serving claims from the ISPs and organizations they support. It relied equally heavily on the absurd notion that a few large tech companies, combined with the theoretical possibility that incumbent ISPs might some day face competition, eliminated the need for regulation. And that’s just the beginning. The new Order is full of holes, and judges will be able to see them.

    Defending Net Neutrality in the States

    Lawmakers and executive branch leaders in multiple states are working to fill the gap the FCC is creating and protect their constituents from unfair ISP practices. Before the FCC’s vote, Washington Governor Jay Inslee announced a multi-tiered plan to preserve net neutrality for Washingtonians, including cutting down on state benefits to ISPs that don’t adhere to net neutrality principles and taking measures to bring more competition to the broadband marketplace. Just after the vote, State Senator Scott Weiner announced his plans to introduce a bill preserving net neutrality protections for Californians. And this is just the beginning.

    Defending Net Neutrality at Home

    Net neutrality begins at home. One of the most important ways that we can soften the blow of losing the FCC’s net neutrality protections is to push for local policies that offer users real choices and ISPs that adhere to net neutrality principles.

    The majority of Americans have only one option for a broadband Internet provider. If that provider decides to block or throttle its users’ traffic, users have no options. To make matters worse, those providers often have de facto monopolies thanks to local government policies.

    EFF is working with policymakers and activists across the country to push for community broadband. We're working in particular with allies in San Francisco to develop a neutral infrastructure and policies for competition among providers that can serve as a model for cities across the country (.pdf). If cities invest in good Internet infrastructure—and allow multiple providers to access that infrastructure—then users can have recourse when a single provider acts unfairly.

    It’s Not Over. Call Congress Now.

    FCC may be abdicating its role in protecting the open Internet, but we will not. In the courts, in the halls of Congress, in our local communities, online and in the streets, Team Internet will fight for net neutrality – and we’ll be counting on you to join us.

    You can start today: call your members of Congress and urge them to use the Congressional Review Act to save the Open Internet Order.

    Take Action

    Tell Congress to reinstate the Open Internet Order

    Don’t Reauthorize NSA Spying in a Must-Pass Funding Bill

    Thu, 12/14/2017 - 4:28pm

    The next two weeks will be a flurry of activity in Congress. Before they can leave for the holidays, our government must—at minimum—pass at least one bill to keep the government running and also decide what to do about a controversial NSA spying authority called Section 702. Some legislators want to reauthorize Section 702, without meaningful reform, by attaching it to must-pass spending legislation. This is a terrible idea. The legislative process surrounding Section 702 already lacks necessary transparency and deliberation.                                              

    The new legislative stratagem gets complicated very quickly. Here’s what you need to know.


    On December 8th, Congress passed a temporary funding bill, or a “Continuing Resolution” (CR) to keep the government running until December 22. To prevent a government shutdown, Congress must either pass another CR by the new deadline, or ideally, finish writing the final funding bill for the rest of Fiscal Year 2018. This final funding bill is known as “the omnibus.”

    Even though the Republican Party controls the House, the Senate, and the White House, GOP leadership has struggled to find enough consensus among their members to pass the omnibus. Instead, the government is limping along with a series of short-term CRs while avoiding hard decisions on longer term funding priorities. This constant negotiation on funding between the White House and Congressional leaders from both parties means that there is less time to negotiate other issues, like necessary reforms on Section 702 NSA spying program, which is scheduled to sunset at the end of this month.

    Faced with multiple looming deadlines, legislators may be tempted to include Section 702 reauthorization in one of the funding bills. The allure of killing two (or more) birds with one stone often becomes overwhelming this time of year. Instead of taking the time to negotiate and navigate multiple difficult votes on various contentious bills, leadership finds it easier to find a majority only once.

    Who will decide to include 702 reauthorization language in the CR? 

    After consulting with the various Chairmen of Committees of jurisdiction (in this case, the Intelligence and Judiciary Committees), Congressional leadership, along with the White House, will decide what will help them get the votes they need.

    For example, a member who is not inclined to support a spending bill on its own may decide to vote “yes” on a spending bill that includes language to prohibit the NSA’s controversial “about” searching. Of course, the reverse can also be true, which is why such discussions will happen behind closed doors.

    Can anyone stop it? 

    Yes and no. Individual members or groups of members (often called Caucuses) would have to tell their leadership that they would not vote for any spending package that contains language they don’t like. If the numbers work in their favor, and leadership believes them, this will keep the language out of the bill.

    However, leadership may choose to call the members’ bluff. If the language is added over members’ objections, the members can still vote no on the whole bill. But that could cause the bill to fail and shut down the government. Government shutdowns are highly disruptive to many people, and thus politically risky. The members and the leadership take that into consideration. It’s a high-risk game of chicken—with very real and long-term consequences.

    Can the language be amended once it is added?

    Practically speaking, no. All the language in the CR is carefully negotiated behind closed doors, so leadership does not usually allow any amendments in case something accidentally passes that would cost them votes.

    Is there any limit to what language can be included in a CR?   

    Once again, practically speaking, no.

    In theory, no spending bill – CR or omnibus – should contain language that isn’t related to funding the government. Of course, how we fund the government often has policy implications, which is why these bills are often so contentious and so tightly negotiated. For example, earlier this year Rep. Kevin Yoder (R-KS) sponsored language in a funding bill that would prevent law enforcement from using any taxpayer dollars to seize cloud-hosted documents (email, photos, etc) without a warrant. In practice, the policy impact of this language would have been quite similar to the Email Privacy Commutations Act, but Rep. Yoder’s language actually only prohibits funding these actions. Adding language that has nothing to do with government funding at all, like reauthorization of the Section 702 program, does happen, but it is rare.  

    A CR is even less appropriate than an omnibus as a vehicle to make new policy. As it is designed only to be a temporary, short-term measure, a CR is theoretically only a continuation of current funding levels, with no major funding changes and no major policy changes. In practice, this rule gets waived (at the discretion of the leadership), especially when pushed up against a deadline and when the added language brings in needed votes.

    How will we know if or what 702 reauthorization language has been added to the CR?   

    Follow us on Twitter!

    In normal circumstances, all legislation is supposed to be public for at least a day before Congress votes on it. Unfortunately, these are not normal circumstances.

    When there is a difficult, tightly negotiated bill and a looming deadline (like with both the CR and Section 702 reauthorization), the House of Representatives may enact something called “martial law,” allowing leadership to move quickly through debate and final passage as soon as they have an agreement - before the media or the public have an opportunity to comment.

    EFF is in constant communication with members interested in reforming Section 702, and we’re fighting alongside them to make sure Section 702 reauthorization does not sneak through in the dead of night. We’ll make sure to let you know when we know!

    Is This Strategem OK?

    No! While the legislative calendar may pose a challenge, it is completely unacceptable for Congressional leadership to shove Section 702 reauthorization into an end-of-year funding bill. This program invades the privacy of an untold number of Americans. Before it can be reauthorized, Congress must undertake a transparent and deliberative process to consider the impact this NSA surveillance has on Americans’ privacy.

    It is troubling that a secretive NSA surveillance program may be reauthorized in a secret legislative backroom deal. But this program is too important to be hidden in a big funding bill, and members shouldn’t be forced to choose between shutting down the federal government or violating the Fourth Amendment.

    FISC Assurances on Spying Leave Too Many Questions Unanswered

    Tue, 12/12/2017 - 9:45pm

    Last week, FBI Director Christopher Wray faced questions from the House Judiciary Committee about how his department is implementing one of the government’s most powerful surveillance tools. Despite repeated bipartisan requests, Director Wray refused to tell the Members of the Committee how many Americans have been impacted by Section 702, enacted as part of the FISA Amendments Act. This isn’t the first time the FBI has refused to answer to Congress.

    EFF has long held that Section 702 is being used to violate the privacy guaranteed by the Fourth Amendment. Section 702 authorizes the acquisition of foreign intelligence information; however, because many Americans communicate with foreign persons outside the United States every day, our communications are also being captured and read without a warrant. 

    How many Americans have had their communications “incidentally collected” under Section 702? We don’t know. In fact, not even Congress knows. Although the House Judiciary Committee has sent several bipartisan letters to the Office of the Director of National Intelligence asking this exact question, ODNI has refused to respond. 

    At the hearing last week, Rep. Ted Poe (R-TX), asked Director Wray to provide information on the number of Americans impacted by Section 702, saying, “this committee has asked for a long time to give us that information. My opinion is that the FBI and the intelligence service is back-walking that information because they know FISA [i.e. Section 702] comes up at the end of this year, and then Congress will just reauthorize without knowing how many Americans are searched.” 

    The FBI has also refused to estimate how often it warrantlessly queries databases containing incidentally collected communications using Americans’ identifiers as search terms, a practice known as “backdoor search.” Rep. Poe pressed Director Wray on backdoor searches as well, giving him an ultimatum: “I hope you can provide us that information before we reauthorize FISA, otherwise I'm going to vote against FISA.”

    But Wray still didn’t answer these questions. Instead, he claimed that “every court” to have heard arguments against how the government uses Section 702 has found “no abuse” and concluded that it’s being done “consistent with the Fourth Amendment.”

    Director Wray is wrong. In 2016, the Ninth Circuit Court of Appeals upheld the use of Section 702 in United States v. Mohamud, but the court specifically said that its decision did not “involve the retention and querying of incidentally collected communications,” i.e. backdoor searches. And when the Foreign Intelligence Surveillance Court of Review (FISCR) upheld warrantless acquisition of foreigners’ communications under an earlier law, it did so because it believed the government would “not maintain a database of incidentally collected information from non-targeted United States persons” that it could search without a warrant.

    Meanwhile, the NSA and the FBI won’t even tell Congress how many non-targeted United States persons are impacted by “incidentally collected” information under the 702 program. The FBI may believe it is using Section 702 authority “lawfully and appropriately for the good and protection of the American people,” as Director Wray put it. But using a surveillance power lawfully and appropriately means following the Constitution, answering reasonable questions from Congressional oversight committees, and ensuring that all Americans have the freedom to communicate without fear of government surveillance. 

    Chairman Goodlatte agreed with Rep. Poe, saying, “This is a reasonable request from the gentleman from Texas. It has been made in varying forms by this committee in a bipartisan way in the past, and we have not yet received the answers to those questions…. We think that you need to be forthcoming on this.” 

    Bottom line: if Section 702 is going to be allowed to continue, Congress must consider the impact it has on Americans’ privacy. The FBI (and the NSA) need to answer the question. 

    Amended Version of FOSTA Would Still Silence Legitimate Speech Online

    Mon, 12/11/2017 - 9:24pm

    The House Judiciary Committee is about to decide whether to approve a new version [.pdf] of the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA, H.R. 1865), a bill that would force online platforms to police their users’ speech more closely.

    The new version of FOSTA improves a deeply problematic bill, but it still represents the same fundamentally flawed approach to fighting criminal activity online. Like the earlier version of FOSTA—and like SESTA (S. 1693), its sibling bill in the Senate—the new version of FOSTA would do nothing to fight traffickers. What it would do is create more risk of criminal and civil liability for online platforms, resulting in them pushing legitimate voices offline.

    Closing Online Spaces Won’t End Trafficking

    Automated filters can be useful as an aid to transparent, human moderation, but when they’re given the final say over who can and can’t speak online, innocent users are invariably pushed offline.

    One of the most egregious problems with FOSTA and SESTA is the difficulty of determining whether a given posting online was created in aid of sex trafficking. Even if you can assess that a given posting is an advertisement for sex work—which can be far from obvious—how can a platform determine whether force or coercion played a role? Under SESTA, that uncertainty would force platforms to err on the side of censorship.

    SESTA supporters consistently underestimate this difficulty, even suggesting it should be trivial for web platforms to build bots that remove posts in aid of sex trafficking but keep everything else up. That’s simply not true: automated filters can be useful as an aid to transparent, human moderation, but when they’re given the final say over who can and can’t speak online, innocent users are invariably pushed offline.

    The House Judiciary Committee appears to have attempted to sidestep this problem, but it’s potentially created a larger problem in the process. That’s because the new version of FOSTA isn’t primarily a sex trafficking bill; it’s a prostitution bill. This bill would expand federal prostitution law such that online platforms would have to take down any posts that could potentially be in support of any sex work, regardless of whether there’s any indication of force or coercion, or whether minors were involved.

    The bill includes increased penalties if a court finds that the offense constituted a violation of federal sex trafficking law, or that a platform facilitated prostitution of five or more people. As Professor Eric Goldman points out in his excellent analysis of the bill, the threshold of five prostitutes would implicate nearly any online platform that facilitates prostitution. If a prosecutor could convince a judge that a platform had had the “intent” to facilitate prostitution, then those enhanced penalties would be on the table.

    It’s easy to see the effect that those extreme penalties would have on online speech. The bill would push platforms to become more restrictive in their treatment of sexual speech, out of fear of criminal liability if a court found that they’d had the intent to facilitate prostitution. Ironically, such measures would make it more difficult for law enforcement to find and stop traffickers.

    Section 230 Is Still Not Broken

    Some supporters of SESTA and FOSTA wrongly claim that Section 230 (the law protecting online platforms from some types of liability for their users’ speech) prevents any civil lawsuits against online intermediaries for user-created material that they host. That’s not true. Fair Housing Council of San Fernando Valley v. Roommates.com set a standard for when a platform loses Section 230 immunity in civil litigation—when the intermediary has contributed to the illegal nature of the content. As the Ninth Circuit said: “A website helps to develop unlawful content, and thus falls within the exception to Section 230, if it contributes materially to the alleged illegality of the conduct.”

    We think the authors of this new version of FOSTA attempted to acknowledge the Roommates.com line of cases that discuss when a platform will lose Section 230 immunity against a civil claim. However, courts assume that Congress doesn’t write superfluous language. With that in mind, the new FOSTA can be read to authorize civil claims against platforms for user-generated content beyond what existing case law has allowed. The bill would allow civil suits against platforms that were responsible for “the creation or development of all or part of the information or content provided through any interactive computer service.”

    That distinction between contributing to part of the content and materially contributing to the illegal nature of the content is an extremely important one. The former could describe routine tasks that online community managers perform every day. It’s dangerous to pass a bill that could create civil liability for the everyday work of running a discussion board or other online platform. The liability would be too high to stay in business, particularly for nonprofit and community-based platforms.

    Bottom Line: SESTA and FOSTA Are the Wrong Approach

    With this new version of FOSTA, House Judiciary Committee Chair Bob Goodlatte and his colleagues on the Committee have clearly attempted to narrow the types of platforms that would be liable for third-party content that reflects sex trafficking. But a less bad bill is not the same thing as a good bill. Like SESTA, the proposed new FOSTA bill would result in platforms becoming more restrictive in how they manage their online communities. And like SESTA, it would do nothing to fight sex traffickers.

    Supporting bills like FOSTA and SESTA might help members of Congress score political points with their constituents, but Congress must do better. It’s urgent that Congress seek real solutions to finding and apprehending sex traffickers, not creating more censorship online.

    Take Action

    Tell Congress: SESTA and FOSTA are the wrong solution

    EFF to Court: Accessing Publicly Available Information on the Internet Is Not a Crime

    Mon, 12/11/2017 - 4:14pm

    EFF is fighting another attempt by a giant corporation to take advantage of our poorly drafted federal computer crime statute for commercial advantage—without any regard for the impact on the rest of us. This time the culprit is LinkedIn. The social networking giant wants violations of its corporate policy against using automated scripts to access public information on its website to count as felony “hacking” under the Computer Fraud and Abuse Act, a 1986 federal law meant to criminalize breaking into private computer systems to access non-public information.

    EFF, together with our friends DuckDuckGo and the Internet Archive, have urged the Ninth Circuit Court of Appeals to reject LinkedIn’s request to transform the CFAA from a law meant to target “hacking” into a tool for enforcing its computer use policies. Using automated scripts to access publicly available data is not “hacking,” and neither is violating a website’s terms of use. LinkedIn would have the court believe that all “bots” are bad, but they’re actually a common and necessary part of the Internet. “Good bots” were responsible for 23 percent of Web traffic in 2016. Using them to access publicly available information on the open Internet should not be punishable by years in federal prison.

    LinkedIn’s position would undermine open access to information online, a hallmark of today’s Internet, and threaten socially valuable bots that journalists, researchers, and Internet users around the world rely on every day—all in the name of preserving LinkedIn’s advantage over a competing service. The Ninth Circuit should make sure that doesn’t happen.

    Background: Bad Court Decisions Open Door to Abuse

    The CFAA makes it illegal to engage in “unauthorized access” to a computer connected to the Internet, but the statute doesn’t tells us what “authorization” or “without authorization” means. This vague language might have seemed innocuous to some back in 1986 when the statute was passed, but in today’s networked world, where we all regularly connect to and use computers owned by others, this pre-Web law is causing serious problems

    In some jurisdictions, the CFAA has metastasized into a tool for companies and websites to enforce their computer use policies, like terms of service (which no one reads) or corporate computer policies. But other courts—including the Ninth Circuit back in 2012—have rejected turning the CFAA “into a sweeping Internet-policing mandate.” The Ninth Circuit instead chose to “maintain[] the CFAA’s focus on hacking,” holding that violating a company’s or website’s terms of use cannot give rise to liability. The court recognized that basing criminal liability on violations of computer use policies would turn innocuous activities like checking the score of a baseball game at work or fudging your age on your social media profile into a felony offenses—and make criminals out of all of us.

    Then in 2016, the Ninth Circuit reversed course and delivered two dangerously expansive interpretations of the CFAA in cases involving password sharing. Despite our warnings that the decisions would be easily misused, the court refused to reconsider either case, stressing that the decisions would be limited to their “stark” facts.

    Within weeks after the decisions were reached, LinkedIn began using these two decisions in an attempt to get around the Ninth Circuit’s 2012 ruling—and to use the CFAA to enforce its terms of service prohibition on scraping and thereby block competing services from perfectly legal uses of publicly available data on its website.

    One company targeted by LinkedIn was hiQ Labs, which provides analysis of data on LinkedIn users’ publicly available profiles. LinkedIn sent hiQ cease and desist letters warning that any future access of its website, even the public portions, were “without permission and without authorization” and thus violations of the CFAA. hiQ challenged LinkedIn’s attempt to use the CFAA as a tool to enforce its terms of use in court. hiQ won a preliminary injunction against LinkedIn in district court, and LinkedIn appealed.

    The Problems with LinkedIn’s Position

    As we told the court in our amicus brief, Linkedin’s interpretation of the CFAA is problematic for a number of reasons.

    First, allowing a website to use the CFAA as a terms of service enforcement mechanism would do precisely what the Ninth Circuit in 2012 sought to avoid: it would “transform the CFAA from an anti- hacking statute into an expansive misappropriation statute” for enforcing the use of publicly available information across the Web. Accessing public information on the open Internet cannot—and should not—give rise to liability under a law meant to target breaking into private computers to access non-public information.

    Second, imposing CFAA liability for accessing publicly available information via automated scripts would potentially criminalize all automated “scraping” tools—including a wide range of valuable tools and services that Internet users, journalists, and researchers around the world rely on every day. Automated scraping is the process of using Internet “bots”—software applications that runs automated tasks over the Internet—to extract content and data from a website. LinkedIn tried to paint all bots as bad, but as we explained to the Ninth Circuit, bots are an essential and socially valuable component of the Internet. The Web crawlers that power tools we all rely on every day, including Google Search and Amici DuckDuckGo and Internet Archive, are Internet bots. News aggregation tools, including Google’s Crisis Map, which aggregated critical information about the California’s October 2016 wildfires, are Internet bots. ProPublica journalists used automated scrappers to investigate Amazon’s algorithm for ranking products by price and uncovered that Amazon’s pricing algorithm was hiding the best deals from many of its customers. The researchers who studied racial discrimination on Airbnb also used bots, and found that distinctively African American names were 16 percent less likely to be accepted relative to identical guests with distinctively white names.

    Third, by potentially criminalizing what are in fact everyday online tools, LinkedIn’s position violates the long held “Rule of Lenity,” which requires that criminal statutes be interpreted to give clear notice of what conduct is criminal.

    Old Laws Can’t Do New Tricks

    The CFAA is an old, blunt instrument, and trying to use it to solve a modern, complicated dispute between two companies will undermine open access to information on the Internet for everyone. As we said in our amicus brief:

    The power to limit access to publicly available information on the Internet under color of the law should be dictated by carefully considered rules that balance the various competing policy interests. These rules should not allow the handful of companies that collect massive amounts of user data to reap the benefits of making that information publicly available online—i.e., more Internet traffic and thus more data and more eyes for advertisers—while at the same time limiting use of that public information via the force of criminal law.

    LinkedIn’s Position Won’t Actually Protect Privacy

    Both LinkedIn and the Electronic Privacy Information Center argue that imposing criminal liability for automated access of publicly available LinkedIn data would protect the privacy interests of LinkedIn users who decide to publish their information publicly, but that’s just not true. LinkedIn still wouldn’t have any meaningful control over who accesses the data and how they use it, because the data will still be freely available on the open Internet for malicious actors and anyone not within the jurisdiction of the United States to access and use however they wish. LinkedIn’s contractual use restrictions on automated access may provide an illusion of privacy—and deter law-abiding individuals and U.S.-based companies from using automated tools to access that data—but nothing more.

    LinkedIn knows this. Its privacy policy acknowledges the inherent lack of privacy in data posted publicly and makes no promises to users about LinkedIn’s ability to protect it: “Please do not post or add personal data to your profile that you would not want to be publicly available.” LinkedIn shouldn’t be spreading misconceptions about the “privacy” of publicly posted data in court pleadings to advance its corporate interests.

    LinkedIn Can’t Have Its Cake and Eat It, Too

    The only way for LinkedIn to truly protect the privacy of its users’ is to make their profiles non-public—i.e., to put their information behind a username and password barrier. But instead its profiles are public by default. As LinkedIn itself admits, it benefits from that data remaining public and freely accessible on the Internet: open access on its platforms means more Internet traffic (and thus more data and more eyes for advertisers). As we told the court, “LinkedIn wants to ‘participate in the open Web’ but at the same time abuse the CFAA to avoid ‘accept[ing] the open trespass norms of the Web.’” We hope the court does not allow it.

    Related Cases: United States v. David NosalFacebook v. Power Ventures

    Video: How the Court System Is Abused to Chill Activist Speech

    Mon, 12/11/2017 - 12:00pm

    One of the most pernicious forms of censorship in modern America is the abuse of the court system by corporations and wealthy individuals to harass, intimidate, and silence their critics.

    We use the term “Strategic Lawsuit Against Public Participation,” more commonly known as a “SLAPP,” to describe this phenomenon.  With a SLAPP, a malicious party will file a lawsuit against a person whose speech is clearly protected by the First Amendment. The strategy isn’t to win on the legal merits, but to censor their victims through burdensome, distracting, and costly litigation. SLAPP suits often make spurious defamation claims and demand outrageous monetary penalties to bully their enemies.  

    In EFF’s work, we’ve seen SLAPPs deployed against journalists and bloggers, cartoonists, and even people who have posted reviews on websites like Yelp and eBay. They’ve been used by election power players against their political opponents and by corporations against non-profits whose job is to hold them in check. In fact, EFF faced such a scheme when an Australian company filed a lawsuit to censor one of our “Stupid Patent of the Month” articles.  Although EFF won in court, the lawsuit required resources that we otherwise could have devoted to other battles.

    This tactic is currently being used by energy and logging corporations to target environmental groups. For example, paper-producer Resolute Forest Products sued Greenpeace, claiming they violated racketeering laws because the organization had called the company a “forest destroyer.” After a 17-month legal battle, Greenpeace emerged victorious in October when the case was dismissed in federal court. Greenpeace faces a similar suit from Energy Transfer Partners, a company best known for running the controversial Dakota Access Pipeline project.

    %3Ciframe%20width%3D%22560%22%20height%3D%22315%22%20src%3D%22https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2FPlhVHiWM4yk%3Frel%3D0%26autoplay%3D1%22%20frameborder%3D%220%22%20gesture%3D%22media%22%20allow%3D%22encrypted-media%22%20allowfullscreen%3D%22%22%3E%3C%2Fiframe%3E Privacy info. This embed will serve content from youtube-nocookie.com


    Greenpeace is now among the many voices raising awareness of the danger of SLAPP suits, and it is offering a toolkit for environmental activists. In a new video, UC Berkeley public policy professor Robert Reich explains what’s at stake: "If the goal is to silence public-interest groups, the rest of us must speak out.  Wealthy corporations must know they can't SLAPP the public into silence." 

    Greenpeace and its environmental allies are joined by many First Amendment groups—including EFF, the First Amendment Coalition, Freedom of the Press Foundation, and the ACLU—in this campaign to educate the public on the need to fight back against SLAPP suits.  Among the most important measures you can take is joining the Public Participation Project's efforts to pass anti-SLAPP legislation in Congress.

    Anti-SLAPP laws are designed to allow defendants to quickly dismiss the frivolous claims brought against them based on a showing that they’re being targeted for engaging in protected First Amendment activity. The plaintiff bringing the suit then has to prove that they can actually substantiate their claims. If they can’t show that their legal claims have merit, a court must dismiss the suit. This allows defendants to avoid what can often be extremely costly and distracting civil discovery.

    Further, most anti-SLAPP laws feature cost-shifting provisions, such that once a defendant successfully gets the claims against them dismissed, they can force the companies who sued them to pay their attorneys’ fees and other costs related to the litigation. The threat of paying the other side’s legal fees potentially stops companies from filing SLAPP suits in the first place.

    Although some states, including California, have developed robust anti-SLAPP laws, a federal law is needed to protect and advance First Amendment protections for individuals or groups in federal court.  An anti-SLAPP bill introduced in 2015, the SPEAK FREE Act, featured many of the same protections for targets of these lawsuits described above. It would also help defendants sued in states that do not have anti-SLAPP laws or only offer extremely weak protections by allowing them to remove the case to federal court to obtain protections of the SPEAK FREE Act.

    EFF is extremely troubled by the latest SLAPP suits filed against organizations such as Greenpeace. Yet we are heartened by the group’s resolve to fight back and to bring attention to this growing threat to free speech. 

    Tell the Copyright Office: Keep Safe Harbors Safe

    Fri, 12/08/2017 - 7:27pm

    The Digital Millennium Copyright Act (DMCA) safe harbors are a vital protection for websites and Internet services of all sizes. But thanks to a new Copyright Office rule, website owners could lose safe harbor protections if they don’t register online by December 31. And that’s not all: Hollywood lobbyists are pushing the Copyright Office to create even more hoops for website owners to jump through in order to keep their safe harbor.

    Under current law, the owners of websites and online services are protected from monetary liability when their users are accused of infringing copyright. Owners must meet many requirements in order to be eligible for that protection, including participating in the notorious notice-and-takedown procedure for allegedly infringing content. They also must register an agent with the Copyright Office, someone who can respond to takedown requests.

    The DMCA is far from perfect, but it does allow websites and other intermediaries that host third-party material to thrive and grow without constant threat of litigation. Without safe harbors, small Internet businesses could face bankruptcy over the infringing activities of just a few of their users.

    Now, a lot of those small sites risk losing their safe harbor protections. That’s because the Copyright Office recently made new rules for registering agents. Under the new system, the Office has decided that website owners must renew their registrations every three years or risk losing safe harbor protections. As we’ve written before, there’s simply no good reason for agent registrations to expire. We’re also afraid that it will disproportionately affect small businesses, nonprofits, and hobbyists, who don’t have the same staff resources as big Internet companies.

    That’s just the beginning. If certain big media and entertainment companies get their way, it will become much more difficult for websites of any size to earn their safe harbor status. That’s because those companies’ lobbyists are pushing for a system where platforms would be required to use computerized filters to check uploads for potential copyright infringement.

    Requiring filters as a condition of safe harbor protections would make it much more difficult for smaller web platforms to get off the ground. Automated filtering technology is expensive—and not very good. Even when big companies use them, they’re extremely error-prone, causing lots of lawful speech to be blocked or removed.

    Besides, no computer can understand the human context that goes into determining whether a given use of a copyrighted work is a fair use. Requiring websites to monitor uploads more restrictively would result in legitimate uses of copyrighted works being pushed off the Internet.

    If you run a website or app that stores material posted by users, then don’t wait. Register (or re-register) a DMCA agent through the Copyright Office’s online system today. Then, whether you own a website or not, sign our letter to the Copyright Office telling them why the safe harbors are vital protection for Internet users, and asking them not to impose new obstacles.

    Take action

    Tell the Copyright Office: Keep safe harbors safe!

    Protect Your Right to Repair and Control the Devices in Your Life

    Fri, 12/08/2017 - 6:50pm

    Have you encountered difficulties repairing or tinkering with your devices because of technology that stops you from figuring out how it works? EFF wants your stories so that we can defend your right to get around those roadblocks.

    We want to hear about your experiences with anything that has a software component, from the Internet of Things, to vehicles, to Smart TVs, to appliances… anything you can think of. We think you should have the right to repair, inspect, and reprogram the devices you rely on. We’re taking an especially close look at new devices that can listen to what goes on in your home, like the Amazon Echo, Google Home, and the Apple HomePod.

    How the Law Stops You From Tinkering

    Section 1201 of the Digital Millennium Copyright Act (DMCA 1201) gives device manufacturers a legal tool to keep you from understanding and modifying the things you buy. While DMCA 1201’s stated goal was to prevent copyright infringement by punishing people for breaking the technological mechanisms companies put on their material to protect it, the law has been used against artists, researchers, technicians, and users, even when the reasons why they were trying to circumvent digital locks were completely lawful.

    That “gotcha” situation, where using material is legal but access to the material is restricted, is one of the reasons the law is so flawed. The law poses an unconstitutional restriction on an entire range of speech that relies on access to copyrighted works or describes flaws in access controls—even where that speech is clearly noninfringing. Another major flaw is that the law, written almost 20 years ago, was initially meant to apply to copyrighted material like music, movies, and books locked down by DRM (digital rights management software that restricts access). But as more pieces of technology come with computerized components, software covered by the law runs on more and more devices we use every day—from tractors to microwaves—so opening up something you bought and own in order to fix it can be a violation.

    Why We Need Your Stories Now

    Once every three years, there’s a window of opportunity to get exemptions to this law and protect legitimate uses of copyrighted works, like repairing and tinkering. For 2018, we’re seeking a number of exemptions, and we need your help. It would be especially valuable to hear your stories about attempted repairs, modifications, jailbreaking, and so on that have been hindered by the ban on circumvention.

    If you have a project you would not be able to do because of the ban on circumvention, or if you’ve been otherwise directly affected by DMCA 1201’s ban on accessing code in your devices, send us a few sentences describing what you were trying to do and how access controls got in the way. We’re going to be presenting evidence to the Copyright Office on why these exemptions are needed, and your stories are a part of that. You can make your voice part of this effort by emailing us at dmcastories@eff.org, and we’ll curate those stories so we can present the most relevant ones alongside our arguments to the Copyright Office.

    Add Your Voice

    Email us your story about the ban on circumvention

    The comments we submit will become a matter of public record, but we will not include your email address. Please sign your message with your name and town of residence, or “Anonymous” if you prefer. If you do not include a name after your message and we submit it, we will attribute it to “Anonymous” as well.

    This is a team effort. The last time around, we were focused on cars, and heard some great stories from you about repair problems and creative modifications that helped the Copyright Office understand the human impact of this law. Now we’re interested in all devices. Help us fight for your rights once again!

    Nominations Now Open for The Foilies 2018

    Fri, 12/08/2017 - 12:08pm

    For the fourth year, EFF is naming and shaming government officials and agencies around the country who stand in the way of transparency. We honor these information gatekeepers with The Foilies, our tongue-in-cheek “awards” during Sunshine Week, which runs from March 11-17, 2018. Think of it like “The Golden Raspberries,” but with outrageous responses to public records requests instead of box-office blunders.

    We’re accepting outside nominations through Dec. 31. So please: 

    • Send us your government secrecy Gigli.
    • Tell us about the Freddy Got Fingered response to your Freedom of Information Act request. 
    • If an agency demanded you pay the equivalent of Battlefield Earth’s budget before handing over your records, we want to know. 

    Once again, we’re collaborating with the Association of Alternative Newsmedia and its participating member publications to publish The Foilies and ensure they serve as a warning to agencies far and wide. 

    For more information on how to offer up agencies for consideration, please keep reading our FAQ below. 

    To give you a taste, last year’s winners are available here.

    Who Can Win?

    The Foilies are not awarded to people who filed FOIA requests. These are not a type of recognition anyone actually should covet. There’s no physical trophy or other tangible award, just a virtual distinction of demerit issued to government agencies and public officials (plus the odd rock star) who snubbed their nose at transparency. If you filed a FOIA request with the Ministry of Silly Walks for a list of grant recipients, and a civil servant in a bowler hat told you to take a ludicrous hike, then the ministry itself would be eligible for the Foilies. 

    What Are the Categories?

    For the most part, we do not determine the categories in advance. Rather, we look at the nominations we receive, winnow them down to the most outrageous, then come up with fitting tributes, such as the “Most Expensive FOIA Fee Estimate” and “Sue the Messenger Award.” That said, there are a few things we’re looking for in particular, such as extremely long processing times and surreal redactions.

    Who Can Nominate 

    Anyone, regardless of whether you were involved in the issue or just happened to read about it on Twitter. Send as many nominations as you like! 


    All nominations must have had some event happen during calendar year 2017. For example, you can nominate something related to a FOIA request filed in 1994 if you finally received a rejection in 2017.


    All nominations must be received by Dec. 31, 2017.

    How to Submit a Nomination

    Send nominations to foilies@eff.org with “FOILIES 2018 NOMINATION” in the subject line. You can nominate multiple entries in a single email, just make sure to enumerate the nominations so we can easily separate them. Please try to include the following information: 

    Category: One-line suggested award title

    Description: Succinct explanation of the public records issue and why it deserves recognition. 

    Links: Include any links to stories, records, or other information that will help us better understand the issue. 

    Contact details: Include a way for us to reach you with further questions. This information will remain confidential.

    If we short-list your nomination, we may be in touch to request more information.


    Adult Content Policies: A Textbook Case of Private Censorship

    Thu, 12/07/2017 - 2:50pm

    Of the many reasons why social media platforms should resist pressure to “voluntarily” censor their users, one stands out: history shows that they will do it badly, taking down valuable and lawful content in the name of enforcing community standards. The result: practical speech discrimination. 

    Facebook’s adult content policy is a textbook example. Since its early days, the platform has banned nearly all forms of nudity. But from day one, it has created reporting processes that conflate mere nudity with sexuality, and sexuality with pornography, and has applied different standards to feminine bodies than to masculine ones.

    And the same double standards seem to apply to advertisements. First, the conflation: Facebook’s advertising policy explicitly bans “nudity, depictions of people in explicit or suggestive positions, or activities that are overly suggestive or sexually provocative.” Thanks to this policy, an ad from the National Campaign to Prevent Teen and Unwanted Pregnancy promoting regular health checkups, was rejected for violating Facebook’s advertising guidelines “for language that is profane, vulgar, threatening or generates high negative feedback”—the language in question? “You’re so sexy when you’re well.” Now, the double standard: all of the images used as examples of “inappropriate ads” are of women.

    The latter inconsistency is particularly galling given that activists have been challenging Facebook’s gender politics for years. Nonetheless, although Facebook says its policies are intended to apply to all genders, the actual application has never been consistent or fair. For example, the company allows hookup apps to advertise, but has banned images of fat women on the grounds that they promote unhealthy behavior (the company apologized after significant press coverage). 

    Most recently, journalist Sarah Lacy complained that advertisements for her book—entitled The Uterus is a Feature, Not a Bug—had been rejected for containing the U-word...meanwhile, many users were recently served an ad containing a graphic depiction of a penis-stretching device from a verified account.

    Author Sarah Lacy says Facebook refused to advertise the book title on the left. Facebook accepted the advertisement on the right.

    In the midst of ongoing political divisions, it’s easy to dismiss an issue like this as trivial, but everyday censorship can have a serious impact on social media users. Reports received by Onlinecensorship.org demonstrate the centrality of Facebook to many individuals’ lives—users who have received temporary or permanent suspensions often express despair at having been disconnected from their friends and families, while others (particularly those in creative industries) have cited professional consequences as a result of bans. 

    Facebook’s regulations on adult content and nudity disproportionately affect women and transgender individuals, and its advertising policies are no different. These policies are discriminatory and inconsistently applied, often resulting in censorship of marginalized populations while other, more privileged users are not held to the same standard. We recognize that private companies, including Facebook, have the right to set and enforce whatever regulations on content they choose to apply on their own platforms. However, companies should apply their chosen policies consistently and equally, with clearly defined due process procedures available to users when their content is removed. We call on Facebook to apply equal treatment to content, and consistent application of their policies.