Apply now for the Central European University Summer Course on Drug Policy and Human Rights. Application deadline: 15 February, 2013

Have you have you found a way to break in? Have you suffered a break-in? Come hear a night of lively personal stories from ex-lawyers, sword swallowers, former kids, and more.

In the midst of the major press blitz surrounding its annual I/O Conference, Google dropped some unfortunate news about its instant messaging plans. In several places around the web, the company is replacing the existing "Talk" platform with a new one called "Hangouts" that sharply diminishes support for the open messaging protocol known as XMPP (or sometimes informally Jabber), and also removes the option to disable the archiving of all chat communications. These changes represent a switch from open protocols to proprietary ones, and a clear step backward for many users.

Backsliding on Interoperability

Google's earlier full support for XMPP meant that users could chat with people on other instant message services, or even who host their own chat servers. This kind of decentralization is a good thing: it decreases lock-in to any particular service, which in turn lets the services compete on important factors like quality, uptime, or respect for user privacy.

Some users, for example, may not want to provide Google with information about the content of their messages, or even when and from where they have logged in, or to whom they are chatting frequently. Information about the people that users are chatting with can be sensitive—remember, that data was at the center of an earlier privacy backlash when Buzz, an earlier social effort, made it public by default.

Allowing federation between services lets users make these choices themselves. Here's an explanation of the importance of federation from Google's own documentation of its Talk platform, in a section called "Open Communications":

[Service choice] allows you to choose your service provider based on other more important factors, such as features, quality of service, and price, while still being able to talk to anyone you want.

Unfortunately, the same is not true with many popular IM and VOIP networks today. If the people you want to talk to are all on different IM/VOIP services, you need to sign up for an account on each service and connect to each service to talk to them.

The new Hangouts protocol raises precisely the concerns Google outlines above. Users are given only the choice to use Google's chat servers or to cut themselves off from people who do. Worse, Google users aren't presented with any notice about the change: their buddies who use jabber.org, member.fsf.org, or any number of other XMPP servers, will simply not appear as available for chat.

These changes are the result of Google dropping a particular subset of the XMPP standard—namely server-to-server federation. But for now, Google still supports client-to-server connections, which means that as long as you are logging in with a Google chat account, you can chat using any compliant application.

That's important for a number of reasons. A major one is that no official Google client supports Off-the-Record (OTR) encryption, which is increasingly a critical component of secure online communication. If both participants in a chat are using Off-the-Record encryption, they've got a secure end-to-end line, which means nobody except the two of them—including their service provider—can read their messages.

Changes to History

Unfortunately, another change from Google may force users to make a hard choice about whether to use those external clients like Pidgin, Adium, Gibberbot, or Chatsecure to chat. In particular, the dilemma comes from the way Google has changed how it archives chats and presents them to the user.

Previously, users could disable "chat history," which would prevent instant messages from being saved to to their Gmail account. Under the new settings, users who don't want to keep a copy of their conversations accessible through Gmail must disable the re-named "Hangout History" on an individual basis with each contact.1 The catch is that users can only disable Hangout History with an official Google Hangouts client.

So privacy conscious users who want to use Off-the-Record encryption where possible, but to keep messages out of their Gmail accounts in any case, are out of luck. And if they wish to continue chatting with their friends on Google chat, they can't even take their business elsewhere.

As of last week, Google is prompting users to replace the Android Talk app with Hangouts, and to switch to Hangouts within Gmail in the Chrome browser. Be advised before updating of the cost to openness of making these "upgrades."

What Should Google Do?

In public explanations of its dropping XMPP support, Google has said that it was a difficult decision necessitated by new technical demands. But even if this new protocol responds to different technical requirements, that shouldn't prevent the company from making it public and interoperable. Releasing the specifications for Google Hangouts would be a good first step. Releasing free/open source clients and servers should follow. It's clear that some of Hangouts' video features have been implemented in some very Google-specific ways. But that's no excuse for leading us toward a world where the only practical choices are proprietary chat clients and protocols.

Another easy move that would benefit users would be for Google to support Off-the-Record encryption in its official Hangout clients. If such meaningful privacy options were available to users, it might mitigate the harms of offering privacy settings only via Google's proprietary apps.

In Google's "Open Communications" documentation quoted above, the company explains why it made a commitment to open communication channels:

Google's mission is to make the world's information universally accessible and useful. Google Talk, which enables users to instantly communicate with friends, family, and colleagues via voice calls and instant messaging, reflects our belief that communications should be accessible and useful as well.

We're frustrated and disappointed to see Google take these steps back from that mission.

• 1. To be clear, even the earlier setting was far from perfect from a privacy perspective: disabling chat history only kept the logged messages out of your Gmail account, and didn't prevent other users, or Google itself, from keeping a record of the conversation.

Related Issues: PrivacySecurity
Share this:   ||  Join EFF

Just FYI… The American Enterprise Institute (AEI) is looking for a full-time Program Manager for its new project focused on Internet, communications, and technology policy. The job description can be found online here and is pasted down below:

# # #

The American Enterprise Institute seeks a full-time Program Manager for its new project focused on Internet, communications, and technology policy.

This project will advance policies to encourage innovation, competition, liberty, and growth, creating a positive agenda centered on the political economy of creative destruction. The Program Manager will work closely with the Program Director in the development and day-to-day management of the project; conducting research; developing a new blog website; commissioning monographs and reports; and coordinating events.

Additionally, the Research Program Manager is expected to:

• Be a strong writer, capable of drafting and editing funding proposals, research and opinion articles, marketing materials, and correspondence
• Provide research and administrative support for the program director on various technology policy initiatives, as required
• Be capable of managing numerous projects, initiatives, conferences, and deadlines simultaneously, without oversight
• Contribute original writing and research to AEI research programs
• Be well-versed in Internet and communications policy and capable of proposing new ideas for conferences, initiatives, and projects

The ideal candidate for this position will combine an outstanding academic record with experience working in a technology and communications policy environment with extensive project-management responsibilities, and excellent writing, research and communications skills. BA in economics, or related degree required. The candidate should have a demonstrated interest in a wide range of policy topics and should have a strong grasp of Washington institutions and current events. Applicants should be flexible, creative, and have proven time-management and writing skills.

If interested, please submit an online application to www.aei.org/jobs, complete with a cover letter, resume, transcripts, and 500-word writing sample.

Library of Congress Magazine: "The Law Library and CRS, working with the Library's web services experts, maintain THOMAS, the Internet-accessible...

Government Efficiency and Effectiveness - Opportunities to Reduce Fragmentation, Overlap, and Duplication through Enhanced Performance Management and Oversight, GAO-13-590T, May...

Transactional Records Access Clearinghouse: "Of the 1,500 individuals taken into custody by Immigration and Customs Enforcement (ICE) on a typical...

"Today, EFF filed a motion in a secret court. This secret court isn?t in a developing nation, struggling beneath a...

Transactional Records Access Clearinghouse: "There were 27,588 new civil court suits filed in federal district courts during the month of...

 

Today, California Secretary of State Debra Bowen announced her plans to make the raw data behind California’s lobbyists and campaign finance database available, online, on one spreadsheet available to the public and updated daily.

Secretary Bowen’s announcement is a reversal from a position she has long held since  Common Cause began asking for this disclosure in 2011.  This could not have been possible without the pressures imposed from groups such as California Common Cause, Maplight, as well as the Los Angeles Times and Sacramento Bee.  Of course, Secretary Bowen deserves lots credit for listening to our coalition’s concerns and ensuring this information is available to the public. Other state agencies should follow her in her footsteps and make public data, well, public.

“Great credit goes to Secretary Bowen for recognizing the importance of this data set,” said Daniel G. Newman, Co-Founder and President of MapLight. “It’s not just a small feature that she’s adding—it’s a great public access victory and a quantum leap forward for transparency.”

Currently, the information is available on a CD-ROM upon request and for a $5 fee.  This new disclosure will allow raw data to be made available 24 hours a day in a single spreadsheet. Raw data disclosures will allow the public to follow and keep track of money in politics, and for watchdog groups like ourselves, to more effectively hold the people in power more accountable.

Full list of coalition partners that made this happen: Common Cause, MapLight Around The Capitol, California Forward, California Newspaper Publishers Association, Courage Campaign, Global Exchange, Los Angeles Times, Rootstrikers, The Sacramento Bee, Sunlight Foundation, and Senator Leland Yee.

"The Federal Reserve Board and the Federal Open Market Committee on Wednesday released the attached minutes of the Committee meeting...

Bad facts make bad law: it’s legal cliché that is unfortunately based on reality. We saw as much yesterday, in the case of Ryan Hart v. Electronic Arts.  Presented with a situation that just seemed unfair, the Third Circuit Court of Appeals proceeded to make a whole bunch of bad law that puts dollars ahead of speech.

Here are the facts: Electronic Arts sells a videogame called NCAA Football.; Part of the success of the game is based on its realism and detail—including its realistic digital avatars of college players.  One of those players was Ryan Hart, who played for Rutgers University from 2002 to 2005. NCAA Football did not use Hart’s name, but the game included an avatar with Hart’s Rutgers team jersey number, biographical information, and statistics. Trouble is, no one asked Hart if he wanted to be part of the game. Nor did anyone pay him for it—they couldn’t, because college players aren’t allowed to accept money for any kind of commercial activity. When Ryan discovered the game, he sued EA based on a lesser-known but pernicious legal doctrine, the right of publicity.

The right of publicity a funny offshoot of privacy law that gives a (human) person the right to limit the public use of her name, likeness and/or identity, particularly for commercial purposes like an advertisement. The original idea was that using someone's face to sell soap or gum, for example, might be embarrassing for that person and that she should have the right to prevent it. While that might makes some sense in a narrow context, states have expanded the law well beyond its original boundaries. For example, the right was once understood to be limited to name and likeness, but now it can mean just about anything that “evokes” a person’s identity, such as a phrase associated with a celebrity (like “Here’s Johnny,”) or even a robot dressed like a celebrity. And in some states, the right can now be invoked by your heirs long after you are dead and, presumably, in no position to be embarrassed by any sordid commercial associations. In other words, it’s become a money-making machine.

But there has traditionally been at least one limit on publicity claims: the First Amendment. In a nutshell, courts are supposed to balance a person’s right to control the use of her identity against others’ right to expressive speech – including videogames. Unfortunately, the Third Circuit just threw that balance way out of whack.

The good: The court recognizes that videogames are protected expression under the First Amendment, and that free speech is important. Whew!

The bad: The court embraced the wrong test for balancing a person's commercial interests against free speech. Many courts have sensibly borrowed from trademark law and found that, where the invocation of an identity is part of the expressive purpose, the court should not punish it unless it is in essence a disguised advertisement, e.g., the user is just trying to use a person's name to call attention to an product (like potato chips).

Here, the court went off in an entirely different direction, borrowing instead from copyright law to conclude that only uses that are “transformative” can be protected by the First Amendment. In copyright, whether a work is transformative, i.e., creates something new with a different purpose or character, is an important part of the fair use analysis. However, the court imported a decidely narrow approach to transformativeness: did not consider whether the game as a whole had transformative value, as one would in a copyright case, but focused solely only on how Hart's identity was used or transformed. The court reasoned that since the “digital Ryan Hart does what the actual Ryan Hart” did, i.e. play college football, there was no transformation and Hart’s economic interests trumped EA’s free speech interests. The court was also selective about what it chose to import from copyright, ignoring several other factors relevant to fair use, such as market harm and whether the underlying work is factual (if so, copyright protection is “thinner”).

As a group of video and filmmakers pointed out, the transformation test is a bad fit for publicity rights. The fair use analysis generally balances competing speech interests—those of the original and secondary authors. But there is no speech interest in cashing in on your fame. In addition, copyright law is designed to encourage creativity through economic incentives. No such additional incentive is needed for celebrities.

It’s entirely understandable that a court might sympathize with Ryan Hart. But if the court’s test was applied broadly, it could have a devastating impact on creative works that relate to real people and life stories. For example, the rationale would apply directly to political biographies or biopics like The Social Network. It could even impact news reporting. The appellate court’s decision sends a message to all creators—if you create a work that happens to evoke someone’s identify, and your use isn’t “transformative” enough, your free speech is less important than that person’s ability to milk his or her fame for everything it’s worth.

Finally, the ugly: The Third Circuit expressly embraced a very silly notion: that your name and fame are your “property.”  Nonsense—publicity rights are a limited right to control use of your identify for commercial purposes—nothing more, nothing less.  As we’ve seen with copyrights and trademarks, treating limited monopolies in certain expression this way leads people to embrace broad and dangerous new forms of protection. By treating publicity rights as equivalent to a real property right (in your home, for example), the court gave far too much weight to celebrities’ interest in control over their image and far too little weight to free speech.

Bad facts, bad law. We hope EA appeals this decision, and that the Supreme Court overturns it.

Files:  hart_v._ea_3rd_cir_decision_copy.pdfRelated Issues: Free SpeechVideo GamesIntellectual Property
Share this:   ||  Join EFF

According to the New York Times, President Obama is "on the verge of backing" a proposal by the FBI to introduce legislation dramatically expanding the reach of the Communications Assistance for Law Enforcement Act, or CALEA. CALEA forces telephone companies to provide backdoors to the government so that it can spy on users after obtaining court approval, and was expanded in 2006 to reach Internet technologies like VoIP. The new proposal reportedly allows the FBI to listen in on any conversation online, regardless of the technology used, by mandating engineers build "backdoors" into communications software. We urge EFF supporters to tell the administration now to stop this proposal, provisionally called CALEA II.

The rumored proposal is a tremendous blow to security and privacy and is based on the FBI's complaint that it is "Going Dark," or unable to listen in on Internet users' communications. But the FBI has offered few concrete examples and no significant numbers of situations where it has been stymied by communications technology like encryption. To the contrary, with the growth of digital communications, the FBI has an unprecedented level of access to our communications and personal data; access which it regularly uses. In an age where the government claims to want to beef up Internet security, any backdoors into our communications makes our infrastructure weaker.

Backdoors also take away developers' right to innovate and users' right to protect their privacy and First Amendment-protected anonymity of speech with the technologies of their choice. The FBI's dream of an Internet where it can listen to anything, even with a court order, is wrong and inconsistent with our values. One should be able to have a private conversation online, just as one can have a private conversation in person.

The White House is currently debating whether or not to introduce the bill. Here's why it shouldn't:

There's Little Darkness: Few Investigations Have Been Thwarted

The starting point for new legislation should be a real, serious, and well-documented need. Despite the FBI's rhetoric, there are few concrete examples of the FBI's purported need to expand its already efficient all-seeing eye. Current law requires annual reporting by the Department of Justice (DOJ) regarding the use of the government's wiretapping powers; the report includes statistics on how often Federal law enforcement has been impeded in a court-authorized investigation by encryption or has been unable to access communications. These statistics show that this has happened only rarely. In its most recent report—from 2010—DOJ reported that encryption had only been encountered all of 12 times.

Did the encryption stop the investigation, or even prevent the wiretappers from figuring out what was being said? No. The report admits that in all of these instances, police were able to obtain the plain text of communications. Previous years' numbers are similar. Aside from government reports, in 2012 telecommunications companies also revealed that a very low percentage of law enforcement requests for user information were rejected. In AT&T's case, only 965 out of over 250,000 requests for user information were rejected. Overall, the available public statistics don't appear to support the FBI's claims about its inability to access communications.

Law Enforcement Already Has Unprecedented Access

Any requested expansion of FBI surveillance authority has to consider the overall ability of law enforcement to investigate crimes. What the FBI doesn't mention when pushing new backdoors into our communications is that now, due to the shift to digital communications, law enforcement has an unprecedented level of access to, and knowledge of, the public's communications, relationships, transactions, whereabouts, and movements. Law enforcement now can gain 24/7 monitoring of most people's movements using cell phone location data. But that's just the beginning. A glance at the Wall Street Journal's multi-year What They Know project shows some of the treasure troves of data that are being maintained about all of us. By accessing these databases and by using new electronic surveillance technologies law enforcement already has visibility into almost every aspect of our online and offline lives—capabilities beyond the wildest dreams of police officers just a few decades ago.

Indeed, former White House Chief Counselor for Privacy Peter Swire and Kenesa Ahmad argued persuasively in 2011 that, overall, "today [is] a golden age for surveillance"—regardless of whether law enforcement is assured of automatic access to each and every kind of communication, and regardless of whether individuals sometimes succeed in using privacy technologies to protect themselves against some kinds of surveillance.

First, there's information obtained from cell phones. In July 2012, the New York Times reported that federal, state, and local law enforcement officials had requested all kinds of cell phone data—including mappings of suspects’ locations—a staggering 1.3 million times in the previous year. Cell phone companies can create what amounts to detailed maps of our locations and turn them over to law enforcement. Even without asking for cell phone providers' direct assistance, law enforcement has considerable ability to use mobile devices to track us. Federal and state law enforcement have made extensive use of IMSI catchers (also popularly called “stingrays,” after the brand name of one such device). These devices can act as a fake cell phone tower, observing all devices in a certain area to find a cell phone's location in real-time, and perhaps even intercept phone calls and texts.

Laws compelling companies to divulge user information accompany these techniques. For instance, National Security Letters, served on communications service providers like phone companies and ISPs, allow the FBI to secretly demand stored data about ordinary Americans' private communications and Internet activity without any meaningful oversight or prior judicial review. And Section 215 of the PATRIOT Act allows for secret court orders to collect “tangible things” that could be relevant to a government investigation. The list of possible “tangible things” the government can obtain is seemingly limitless, and could include everything from driver’s license records to Internet browsing patterns. The FBI has even broken into individuals' computers to collect data from inside the computers themselves. More backdoors aren't needed.

Backdoors Make Us Weaker and More Vulnerable

CALEA II will force companies with messaging services—from Google to Twitter to video game developers—to insert backdoors into their platforms. But backdoors only make us weaker and more vulnerable. It's ironic that CALEA II may be proposed only months after Congress pushed “cybersecurity” legislation to protect our networks. The notion of mandating backdoors in software is the antithesis of online security, which is why some academics have called it a “ticking time bomb.”

A proposal to expand backdoors into communications software ensures that online hackers, communications company insiders, and nation-states have a direct entrance to attack—and steal from—companies and government agencies. In one notorious example, someone exploited backdoors in a Greek phone company's systems and recorded sensitive conversations involving the Prime Minister. Wiretapping backdoors even affect national security. In 2012, Wired revealed the NSA's discovery and concern that every telephone switch for sale to the Department of Defense had security vulnerabilities due to the legally-mandated wiretap implementation. If politicians are serious about online security, they will not make these security blunders even worse by bringing more sensitive communication technologies under CALEA's scope.

Just last week, an ad hoc group of twenty renowned computer security experts issued a report explaining their consensus that CALEA II proposals could seriously harm computer security. These experts said that a requirement to weaken security with deliberate backdoors “amounts to developing for our adversaries capabilities that they may not have the competence, access or resources to develop on their own.”

And now the Washington Post has reported that intruders, allegedly working on behalf of the Chinese government, broke into Google's existing surveillance systems. (In this case, the report says that the intruders learned who was targeted by these systems, rather than accessing the contents of the targets' accounts or communications—but it's easy to see that wiretap contents would ultimately represent an even bigger target, and a bigger prize. Even more exciting would be the prospect of remotely activating new wiretaps against victims of an intruder's choice.)

Internet Users Have the Right to Secure Communications

Expanding CALEA is not only a tremendous risk for our online security; it's a slap in the face of Internet users who want to protect themselves online by choosing privacy-protecting software to shield their communications. Ordinary individuals, businesses, and journalists want and often need state-of-the art software to protect their communications in an era of pervasive spying by commercial rivals, criminals, and governments around the world. The government's rhetoric takes us back to the early 1990s when US law enforcement spoke openly of banning secure encryption software to keep it out of the public's hands. EFF and others had to fight—including in the Federal courts—to establish the principle that publishing and using encryption tools is an essential matter of individual freedom and protected by the First Amendment.

Once those “crypto wars” were over, the US government seemed to accept the right of Americans to secure communications and abandon the idea of forcing innovators to dumb down these technologies. We turned our concerns to foreign governments, several of whom were trying to ban communications tools for being “too private.” (For instance, the Associated Press reported five countries threatened to ban BlackBerry services in 2010 because the services protected user privacy too well.) Americans, including the US State Department, began supporting the development and distribution of secure communications tools to foreign rights activists who need them. Now this battle may be coming home.

Even with these tools, most Americans can protect only a tiny fraction of the trail of data we leave behind electronically as we live our lives. But we still have the right to choose them and try our best to keep our private communications private.

CALEA Must Not Come Back

The government should place any proposal to expand CALEA on hold. There is little evidence the FBI is actually “going dark,” especially when balanced with all the new information they have access to about our communications. And backdoors make everyone weaker. In a time when “cybersecurity” is supposed to be a top priority in Washington, the FBI is pushing a scheme that directly undermines everyone's online security and interferes with both innovation and the freedom of users to choose the technologies that best protect them. Tell the White House now to stop the proposal in its tracks.

Related Issues: PrivacyCALEAEncrypting the WebNSA SpyingSecurity
Share this:   ||  Join EFF

When most people think of a trade agreement, they're unlikely to think that it would have anything to do with regulating the Internet. For more than a decade however, the Office of the U.S. Trade Representative has included copyright enforcement in international trade deals. Such provisions empower countries to enact digital restrictions in the name of preventing illegal file sharing. In practice, these copyright measures strip Internet users of their rights to privacy, free speech, and access to knowledge and culture, and could even work to undermine their very purpose of enabling and promoting innovation and creativity.

Such provisions closely mirror the language carried in the U.S. Digital Millennium Copyright Act (DMCA). Up to this point, we have already seen over 15 years of harmful effects due to the DMCA and now there are widespread efforts in the U.S. to reform it. It's therefore both improper and contradictory for the U.S. Trade Rep to push the U.S. copyright system around the world when our own government recognizes that our system is defective.

This new animated video explains how two provisions of the Trans-Pacific Partnership (TPP) agreement's intellectual property chapter threaten users' rights. First, it creates legal incentives for Internet and online service providers to police their users' activities for copyright infringement. Second, the TPP carries rigid protections for digital rights management (DRM) in ways that could create expansive chilling effects for anyone who wishes to legally share and interact with their content and devices.

Privacy info. This embed will serve content from youtube.com

Please share this video, spread the word about this secretive multinational trade agreement, and let others know how they can help fight it.

Take Action

You can express your concern about these problems — and others — that arise from a secret copyright agenda driving international agreements by signing our petition to stop it.

Wherever you are in the world, you can sign on to this petition directed at decision-makers to demand a Fair Deal.

If you’re in the U.S., take our action to send a message to your representative to demand an end to these secret backroom negotiations.

If you're in Peru, join Hiperderecho and tell the Peruvian president that our rights on the Internet are non-negotiable.

Spread the Word

Our website “Why the Heck Should I Care About the TPP?” lays out some of the worst consequences for Internet users if this agreement were to pass.

Share our infographic about the TPP! We have versions in both English and Spanish.

var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22http://www.youtube.com/embed/KOSYMWf2drE?rel=1%26amp;autoplay=1%26amp;wmode=opaque%26?autoplay=1%22 width=%22400%22 height=%22250%22 class=%22video-filter video-youtube vf-kosymwf2dre%22 frameborder=%220%22%3E%3C/iframe%3E'; Related Issues: Intellectual PropertyInternationalTrans Pacific Partnership Agreement
Share this:   ||  Join EFF

Today, EFF filed a motion in a secret court.

This secret court isn’t in a developing nation, struggling beneath a dictatorship. It’s not in a country experimenting for the first time with a judiciary and the rule of law. And, as Wired recently noted, it’s “not in Iran or Venezuela, as one might expect.” No, the court is here, in the United States (it’s in Washington, D.C., in fact). It’s called the Foreign Intelligence Surveillance Court (or the FISC), and it reviews the federal government’s applications to conduct surveillance in national security cases. It’s comprised of 11 district court judges from around the country, and its opinions and orders are the law of the United States, like other federal courts.

But the FISC is different from typical courts in one fundamental way: almost everything about the FISC is secret.1 In fact, just being able to publicly say that we filed a motion with the FISC is unusual. Most proceedings are done ex parte (in this context, meaning just with the government and the judge), and any non-governmental parties involved in proceedings are typically forbidden from ever disclosing it. Even when the FISC finds that the government has acted illegally, so far, that illegality has been been kept hidden from public scrutiny and accountability.

EFF is trying to change that. We filed a lawsuit under the Freedom of Information Act (FOIA) after the Department of Justice refused to disclose a FISC opinion we requested. The FISC opinion held that the government engaged in surveillance that was unconstitutional and violated the spirit of federal surveillance laws. We only know the opinion exists because Senators, like Ron Wyden and Mark Udall, essentially forced the government to publicly acknowledge its existence.

So why did EFF file something with the FISC? In response to our FOIA lawsuit—and in an attempt to justify hiding the government’s unconstitutional conduct—the DOJ pointed to the FISC. The DOJ argued the FISC’s procedural rules prohibited DOJ from releasing the opinion under FOIA. But, five years earlier (in response to a separate case brought by the ACLU), the FISC itself said FOIA was the proper avenue to access FISC opinions. In fact, in that case, the DOJ argued that FOIA was the only way the public could access the opinions. So we filed a motion with the FISC to allow that court to definitively resolve whether its rules prohibit the disclosure of its opinions.

But, for the time being, a DOJ-imposed Catch-22 blocks the public from knowing more about the government’s illegal surveillance. According to the DOJ, we can’t use FOIA, because the FISC rules prevent it; and we can’t go to the FISC, because the FISC says FOIA is the proper avenue. If Joseph Heller were alive today, he would be impressed. So, too, would Franz Kafka. A public trapped between conflicting rules and a secret judicial body, with little transparency or public oversight, seems like a page ripped from The Trial.

In fact, simply figuring out how to file the motion was a bit of a nightmare. Not surprisingly, there’s no e-filing with the FISC or public mailing address to send the motion. All we had was a phone number. And all we could do was leave messages and hope the court staff would return our calls.

But, sadly, this isn’t a work of dystopian fiction. This is a product of our democratic system. The government may assert that FISC opinions can’t be disclosed because they would reveal the legal limits of our nation’s intelligence collection capabilities, but the fact that we are a nation of laws is not a vulnerability our enemies may exploit. It is among our greatest national assets.

Granted, it’s likely that some of the information contained within FISC opinions should be kept secret; but, when the government hides court opinions describing unconstitutional government action, America’s national security is harmed: not by disclosure of our intelligence capabilities, but through the erosion of our commitment to the rule of law.

• 1. Another difference is the very limited subject-matter jurisdiction of the court. Although the subject matter of the issues before it is certainly unique, in the federal system, having a restricted jurisdiction is not unique to the FISC

Related Issues: NSA SpyingTransparencyRelated Cases: FISC Orders on Illegal Government Sureveillance
Share this:   ||  Join EFF

Today, Sen. John Cornyn (R-Texas) introduced the Patent Abuse Reduction Act, a wide-ranging bill targeting abusive litigation tactics—a favorite tool of the patent troll. 

The good news first. The bill would do significant harm to the patent troll business model, making it harder to be a troll and easier to fight one in court. Patent trolls have long taken advantage of the fact that patent litigation is expensive (costing into the millions of dollars) and can take years, draining companies of resources. Patent trolls are in the very business of litigation and deploy a variety of techniques (shell companies and contingency fee arrangements, for example) to keep their own costs much lower.

The proposed legislation would level this playing field by incorporating one of our favorite reforms, fee shifting. This means that if a party accused of infringing a patent actually fights back in court and wins, the troll could be on the hook. (Unfortunately, the legislation doesn't require the suing party to post a bond—an important tool for deterring patent trolls.) The bill also includes provisions limiting the type and amount of discovery a troll can get and what kind of information a troll needs to disclose at the outset of a lawsuit. The latter is particularly promising because it would force patent trolls to do true due diligence before they sue and to name who is really behind the lawsuit (information that is currently quite difficult to find). These provisions make the troll's case more expensive and takes away another of its favorite tools—secrecy.

The not-so-good news is that these reforms are all litigation focused and, thus, limited. We believe the problem is much bigger. The bill does not address patent quality and fails to consider what the Patent Office could do to help those facing lawsuit threats. It does not include protection for end users, consumers who find themselves staring down patent trolls over widely available technologies. And it fails to address the very root of the problem by not considering whether we should be able to patent software to begin with.

We will continue to raise those issues and fight those fights. In the meantime, we are encouraged to see the introduction of large scale-reform that would go to the heart of the patent troll business model. We hope that those policy makers who have publicly recognized the patent troll problem will join in the upcoming debate on this important legislation.

Files:  patent_abuse_reduction_act.pdfRelated Issues: PatentsPatent Trolls
Share this:   ||  Join EFF

5/22/2013 Author:  Alice Leiter Health Privacy HITECH/ARRA Implementation

This past April, six Republican Senators – Alexander, Burr, Coburn, Enzi, Roberts and Thune – released a white paper, titled “REBOOT: Re-Examining the Strategies Needed to Successfully Adopt Health IT,” that is critical of the implementation of the HITECH Act’s investment in health IT and the Meaningful Use incentive program in particular. In the report, the Senators identify deficiencies related to health IT implementation in five areas: (1) path toward interoperability; (2) costs; (3) oversight; (4) patient privacy; and (5) path to sustainability. Overall, the report urges that taxpayer investments in health IT be leveraged to benefit the public but without unduly burdening health care providers in the process.

CDT submitted a letter during the open public comment period provided for in the report. Some issues related to health IT implementation, such as achieving interoperability among disparate electronic health record (EHR) systems, have proven frustratingly difficult to resolve. In enacting HITECH, Congress tried to bring about adoption and use of electronic medical records more rapidly than such change would have occurred absent a federal incentive program – and in fact, adoption of health IT has far exceeded expectations. The multi-stakeholder approach to implementing HITECH has followed the balanced approach recommended by the report: providing value to taxpayers by driving meaningful change to benefit patients and improve health outcomes, while at the same time minimizing burden to providers and others in the health care industry. Hitting “pause” (or even “stop”) on this program would frustrate those aims.

The report raises privacy concerns – but without identifying specific issues or suggesting recommendations. CDT urges the Senators to support more robust efforts to ensure compliance with federal privacy and security laws, both through better enforcement and the issuance of more comprehensive guidance.

There is exciting news out of the Green Mountain State this week: folks in Vermont are so fed up with patent troll abuse that they are taking matters into their own hands. With trolls filing thousands of lawsuits every year and blanketing the country in threat letters, states are looking for ways to protect victims—especially small entities that lack the resources to defend against a patent suit. Vermont is tackling trolls on two separate fronts.

First, the State Attorney General has filed a groundbreaking complaint against the infamous scanner troll MPHJ Technology, alleging unfair and deceptive acts under Vermont's Consumer Protection Act (PDF of the complaint). The tale of the scanner troll is one of the most outrageous patent stories of the year. This troll hides behind an alphabet soup of shell companies and sends demand letters to small businesses all over the country demanding $1,000 per employee for the privilege of using scanners and email.

The Attorney General has zeroed in on letters the scanner troll sent to nonprofits that assist developmentally disabled Vermonters. The AG alleges that the scanner troll did not conduct due diligence before sending these letters and made deceptive statements about its threats of suit and whether other companies had taken a license. At its heart, the complaint alleges that the scanner troll is sending these demand letters in bad faith. To our knowledge, this is the first time a state attorney general has taken action like this against a patent troll. We will watch this case with interest.

Not content to strike back against a single troll, Vermont is also poised to pass a bill dealing with the problem as a whole. The Vermont House and Senate recently passed a bill to combat "bad faith assertions of patent infringement" (H.299, PDF). And the latest word is that Vermont's governor is about to sign it into law.

This bill requires patent demand letters to be specific about the claim being violated, to be particular about how the target is violating the patent, and to give targets a reasonable estimate of the damage costs coupled with a reasonable time to respond. (It's funny: patent trolls usually have broad demands, are vague about violations, and pressure their targets to respond hastily with their purses open.) If a court finds a demand to be meritless or deceptive, they can swing down with full force and lay heavy fines on the bad actors, who are more than likely patent trolls.

This bill could solve some of the patent troll problems in Vermont. Unfortunately, it raises some serious constitutional questions around preemption (the doctrine that federal law invalidates state law when they are in conflict) and federal due process (which generally protects the right to take cases to court or make demands when they're sent in good faith). Vermont lawyer Justin McCabe at Green Mountain IP has a good analysis of the bill's pros and cons.

Apart from important constitutional considerations, passage of the Vermont bill demonstrates just how much patent reform is in the spotlight. Fixes on the national level are popping up like daisies, and—not surprisingly at all—they all attempt to tackle the troll problem from completely different angles. While we admire these bills' creativity, the obvious takeaway from this fact is that there are a lot of areas of the patent system that are very, very broken. So let's take a step back and push for real, comprehensive change.

Related Issues: InnovationPatentsPatent Trolls
Share this:   ||  Join EFF

#FreeBassel / David Kindler / CC BY

If you subscribe to Creative Commons’ newsletter or follow us on Twitter and Facebook, you’re likely familiar with the story of Bassel Khartabil, our friend and longtime CC volunteer who’s been in prison in Syria since March 2012. Today, on the second birthday that Bassel has spent in prison, friends of Bassel and members of the open community are taking a moment to reflect on his situation and call for his release.

The Index on Censorship, which honored Bassel in March with the Digital Freedom Award, has compiled a collection of birthday wishes for Bassel:

I just want him free, I pray for him to be free and I pray for all his friends who believe and work on Bassel’s freedom. – Bassel’s mother

It is your birthday. It is not a day of happiness — yet. But when justice is done, and you are released from your wrongful imprisonment, all of us will celebrate with enormous happiness both this day, and every day that you have given us as an inspiration for hope across the world. – Larry Lessig, founder of Creative Commons

Read more

Our friend Jon Phillips, organizer of the #freebassel campaign, has launched a project called FREEBASSEL SUNLIGHT. In Jon’s words, “Please help shine some sunlight on Bassel by doing some novel research on his situation, where he is located, and help connect the dots of his situation and life.”

Artist and filmmaker Niki Korth recently developed a game that uses quotations from Bassel to start conversations about free and open communication, the conflict in Syria, and other topics. Niki has been publishing the playing cards online as well as videos of people playing the game.

Earlier this week, Niki led a few of us at CC in the game. You can watch our responses to several of her questions on her Vimeo page.

In this video, CC CEO Cathy Casserly voices our shared hope that we’ll see Bassel soon:

Read more

• Free Bassel, Free Culture
• Lawrence Lessig’s WSJ Article on Bassel Khartabil

Nothing shines a light on problems quite like a scandal. If we’re lucky, it means that we take a closer look at not only the issue that makes the headlines, but the issue ecosystem. The recent back and forth about IRS incompetence regarding screening 501 (c)4 groups has prompted a secondary discussion about the very nature of many of these groups – that, increasingly, they are being used as vehicles to the hide the money raised to buy elections.

In Colorado and Washington DC, strong campaign finance laws were passed to rein in Big Money’s influence on elections.  Now those laws are under attack from powerful interests who aren’t afraid to get creative when it comes to hiding their actions. To make matters worse, they are supported by an out of touch and activist Supreme Court.

The people get it, but our leaders don’t.  Just look at the lack of action by the Colorado congressional delegation after explicit instructions from their voters to do something about the problem of money in politics. As the Denver Post’s Curtis Hubbard reminds us, 74% of Colorado voters said yes to Amendment 65.

I don’t mean to excuse or even ignore the IRS’s loathsome targeting of the conservative groups, but the role of unchecked money in politics also merits scrutiny.

Colorado voters last year tasked our congressional delegation with doing something about the issue.

Amendment 65, which directed the lawmakers to support a constitutional amendment that would rid our system of unlimited spending by corporations and labor groups, was supported by nearly 74 percent of voters.

How amazing is that?

You could ask if John Elway is the best quarterback in Denver Broncos history and very likely not get 3 out of 4 people to agree (silly Tebow fans, but I digress).

The Denver Post, Hubbard: Tax-exempt politics, May 19, 2013. 

The fact that there has been little to no response on Amendment 65 is an indication that our elected representatives are no longer fully representing us. Its not too late for our congressional delegation to stand up for their constituents and fight back against big money in politics.  I hope our congressional delegation is reading.