Facebook Fires Employee Who Allegedly Used Data Access To Stalk Women

Your rights online - Wed, 05/02/2018 - 13:30
After a member of the information security community provided evidence to Facebook's chief information security officer, the company has terminated a security engineer who allegedly used their work position to stalk women online. From a report: On Monday, Motherboard reported that Facebook was investigating a claim that one of its employees used access to data granted by their job to stalk women online. Facebook has since terminated the employee, Facebook confirmed to Motherboard on Tuesday, coincidentally shortly after the social media giant announced its upcoming dating service. "We are investigating this as a matter of urgency. It's important that people's information is kept secure and private when they use Facebook," Alex Stamos, Facebook's chief information security officer, told Motherboard in a statement.

Read more of this story at Slashdot.

Categories: Privacy

Nikola (Motors) is Suing Tesla

Your rights online - Wed, 05/02/2018 - 12:50
An anonymous reader shares a report: Nikola Tesla invented alternating electrical current. Nikola Motors is a mobility company working on a hydrogen-powered semi truck. Tesla makes fully electric vehicles and last December unveiled its EV Semi. Nikola Motors is suing Tesla Motors over patent infringements, according to Electrek. Nikola alleges that Tesla infringes on three of its patents: fuselage design, a wraparound windshield on a semi truck and a mid-entry door. Nikola claims that these design similarities have "caused confusion" among customers and stolen away over $2 billion in business, and that if problems arise with Tesla's Semi (like battery fires or glitches with autonomous driving), they'll be attributed to Nikola. Typical patent troll stuff.

Read more of this story at Slashdot.

Categories: Privacy

Tech Giants Hit by NSA Spying Slam Encryption Backdoors

Your rights online - Wed, 05/02/2018 - 12:13
A coalition of Silicon Valley tech giants has doubled down on its criticism of encryption backdoors following a proposal that would give law enforcement access to locked and encrypted devices. From a report: The group, which focuses on efforts to reform government surveillance, said in a statement that it continues to advocate for strong encryption, and decried attempts to undermine the technology. "Recent reports have described new proposals to engineer vulnerabilities into devices and services -- but they appear to suffer from the same technical and design concerns that security researchers have identified for years," the statement read. The renewed criticism follows a lengthy Wired article, in which former Microsoft software chief Ray Ozzie proposed a new spin on key escrow. Device encryption has hampered police investigations, and law enforcement officials have pushed tech companies to fix the problem -- even by way of suing them.

Read more of this story at Slashdot.

Categories: Privacy

GitHub Accidentally Exposes Some Plaintext Passwords In Its Internal Logs

Your rights online - Wed, 05/02/2018 - 06:00
GitHub has sent an email to some of its 27 million users alerting them of a bug that exposed some user passwords in plaintext. "During the course of regular auditing, GitHub discovered that a recently introduced bug exposed a small number of users' passwords to our internal logging system," said the email. "We have corrected this, but you'll need to reset your password to regain access to your account." ZDNet reports: The email said that a handful of GitHub staff could have seen those passwords -- and that it's "unlikely" that any GitHub staff accessed the site's internal logs. It's unclear exactly how this bug occurred. GitHub's explanation was that it stores user passwords with bcrypt, a stronger password hashing algorithm, but that the bug "resulted in our secure internal logs recording plaintext user passwords when users initiated a password reset." "Rest assured, these passwords were not accessible to the public or other GitHub users at any time," the email said. GitHub said it "has not been hacked or compromised in any way."

Read more of this story at Slashdot.

Categories: Privacy

FCC Commissioner Broke the Law By Advocating for Trump, Officials Find

Your rights online - Tue, 05/01/2018 - 21:25
A newly released letter from government officials finds that Republican FCC commissioner Michael O'Reilly broke a federal law preventing officials from advocating for political candidates when he told a crowd that one way to avoid policy changes was to "make sure that President Trump gets reelected." The Verge reports: After he made the comments, the watchdog group American Oversight filed a letter with the Office of Special Counsel, which handles Hatch Act complaints. In response to the group's letter, the Office of Special Counsel said today that O'Rielly did, in fact, violate the Hatch Act. The letter said O'Rielly responded that he was only trying to provide an explanatory answer to how those changes in policy could be stopped, but the office rejected that reasoning. The office said it has sent a warning letter to O'Rielly this time, but will consider other infractions "a willful and knowing violation of the law" that could lead to legal action.

Read more of this story at Slashdot.

Categories: Privacy

California Leads States In Suing the EPA For Attacking Vehicle Emissions Standards

Your rights online - Tue, 05/01/2018 - 20:03
California, along with seventeen other states, announced a lawsuit against the Environmental Protection Agency today over its recent rollback of Obama-era vehicle emissions and fuel economy standards. The states argue that the EPA "acted arbitrarily and capriciously" in overturning the previous administration's decision. The Verge reports: The standards in question were drawn up in 2009 and adopted in 2012. They laid out a path for automakers to reduce overall greenhouse gas emissions by reaching an average fleet fuel economy of 54.5 miles per gallon by 2024. Since the program was charting a course that stretched out more than a decade into the future, it was written into the rules that the EPA would have to perform a "mid-term evaluation" before April 1st, 2018. This review would serve two purposes: assess whether automakers were on track, and then use that information to determine if the last section of the standards (which apply to model year 2022-2025 cars) were still feasible. The EPA, under Barack Obama, kicked off this review process ahead of schedule in the summer of 2016 when it published an extensive 1,200-page technical assessment that analyzed whether the standards were working. In January 2017, the outgoing EPA wrapped this evaluation and determined that the bar was not set too high. In fact, it argued, automakers were overwhelmingly compliant. The Trump EPA's decision in April did not set new standards -- it simply argued that there were problems with the existing standards. In the meantime, the agency and the Department of Transportation are currently working together to craft and officially propose new standards. But the previous standards that the EPA said were inappropriate will technically remain in place until that happens.

Read more of this story at Slashdot.

Categories: Privacy

Nintendo Faces Switch Patent Infringement Investigation In the US

Your rights online - Tue, 05/01/2018 - 19:23
An anonymous reader quotes a report from Engadget: Nintendo is under investigation by the U.S. International Trade Commission, and the fate of the Switch hangs in the balance. Gamevice, the company behind the Wikipad and a line of snap-on controllers for mobile devices, says the Nintendo Switch violates its patents on attachable handheld gamepads and their related accessories. Alleging violations of the Tariff Act of 1930, Gamevice is requesting a cease and desist order against Nintendo, a move that would halt imports of the Switch into the U.S. The USITC notes that while its investigation has begun, it hasn't ruled on the validity of the complaint. The commission will hold an evidentiary hearing to determine whether Nintendo is in violation of the Tariff Act, with a final decision "at the earliest practicable time." The USITC will announce a target date for the end of the investigation within 45 days.

Read more of this story at Slashdot.

Categories: Privacy

Amazon Tells Signal's Creators To Stop Using Anti-Censorship Tool

Your rights online - Tue, 05/01/2018 - 16:42
An anonymous reader quotes a report from The Verge: The team behind secure messaging app Signal says Amazon has threatened to kick the app off its CloudFront web service unless Signal drops the anti-censorship practice known as domain-fronting. Google recently banned the practice, which lets developers disguise web traffic to look like it's coming from a different source, allowing apps like Signal to evade country-level bans. As a result, Signal moved from Google to the Amazon-owned Souq content delivery network. But Amazon implemented its own ban on Friday. In an email that Moxie Marlinspike -- founder of Signal developer Open Whisper Systems -- posted today, Amazon orders the organization to immediately stop using domain-fronting or find another web services provider. Signal used the system to provide service in Egypt, Oman, and the United Arab Emirates (UAE), where it's officially banned. It got around filters by making traffic appear to come from a huge platform, since countries weren't willing to ban the entirety of a site like Google to shut down Signal. "The idea behind domain fronting was that to block a single site, you'd have to block the rest of the internet as well. In the end, the rest of the internet didn't like that plan," Marlinspike writes. "We are considering ideas for a more robust system, but these ecosystem changes have happened very suddenly. [...] In the meantime, the censors in these countries will have (at least temporarily) achieved their goals. Sadly, they didn't have to do anything but wait."

Read more of this story at Slashdot.

Categories: Privacy

FTC Gives Sony, Microsoft, and Nintendo 30 Days To Get Rid of Illegal Warranty-Void-if-Removed Stickers

Your rights online - Tue, 05/01/2018 - 15:26
Matthew Gault, reporting for Motherboard: The Federal Trade Commission put six companies on notice in early April for illegally telling customers that getting third-party repairs voids the warranty on their electronics. You've seen the stickers before and read the messages buried in end user license agreements. Plastered on the back of my PlayStation 4 is a little sticker that says "warranty void if removed." That's illegal. Motherboard has obtained copies of the letters via a Freedom of Information Act request and has learned the names of the six companies that were warned. They are Sony, Microsoft, Nintendo, Hyundai, HTC, and computer hardware manufacturer ASUS. The letters were sent by Lois Greisman, the FTC's associate director of marketing practices, on April 9; the FTC has given each company 30 days to change its official warranty policies and says that it may take legal action against the companies.

Read more of this story at Slashdot.

Categories: Privacy

Facebook Unveils Privacy Tool 'Clear History'

Your rights online - Tue, 05/01/2018 - 12:45
Facebook is introducing a new privacy tool called "clear history," CEO Mark Zuckerberg said Tuesday with a personal Facebook post. From a report: The tool will allow you to see information about the apps and websites you've interacted with, and you'll be able to clear this information from your account. The news came less within hours of the kickoff keynote at on Facebook's F8 developer conference, which is being held in San Jose. The mostly-annual conference began as a time for Facebook to announce major initiatives, such as its technology to connect user's accounts with websites around the web, as well as revamped designs for user's profile pages. In a statement, Zuckerberg said, "In your web browser, you have a simple way to clear your cookies and history. The idea is a lot of sites need cookies to work, but you should still be able to flush your history whenever you want. We're building a version of this for Facebook too. It will be a simple control to clear your browsing history on Facebook -- what you've clicked on, websites you've visited, and so on."

Read more of this story at Slashdot.

Categories: Privacy

U.S. IP Policy Spins Out of Control in the 2018 Special 301 Report

Deep Links - Tue, 05/01/2018 - 12:26

Certain reports and publications from U.S. government agencies, such as those of the Congressional Research Service, have become important reference works due to their reputation for being relatively in-depth, up to date, and factual. The United States Trade Representative's (USTR) Special 301 Report [PDF], the latest annual edition of which was released last week, is not such a report.

The report claims to "call out foreign countries and expose the laws, policies, and practices that fail to provide adequate and effective IP protection and enforcement for U.S. inventors, creators, brands, manufacturers, and service providers." But it has no consistent methodology for assessing what is "adequate and effective." Instead of relying on rigorous analysis to quantify the differences in standards of protection and enforcement among U.S. trading partners, it is driven by anecdotes, with a bias towards those contributed by IP lobbyists such as the International Intellectual Property Alliance (IIPA) and ACTION for Trade. This is a document so heavy on spin that one gets dizzy from reading it.

Canada Joins the "Naughty List" This Year

Due to the lack of a consistent methodology for preparation of the report and its heavy reliance on submissions rather than primary sources, the countries called out in the report and the misdeeds for which they are called out change with the winds of U.S. foreign policy. This provides a good explanation for the inclusion of Canada on this year's Priority Watch List, which is reserved for the most egregious offenders (China and Russia are also among the dozen countries receiving that honor).

As Canadian law professor Michael Geist has explained, Canada's inclusion on the Priority Watch List is likely a tactic intended to bring pressure on Canada to cave in to U.S. demands in the current negotiations over a modernized North American Free Trade Agreement (NAFTA). As Professor Geist points out, Canada has long recognized the Special 301 Report for the public relations exercise that it is, correctly observing that it "fails to employ a clear methodology and the findings tend to rely on industry allegations rather than empirical evidence and objective analysis."

Unfortunately however, some other countries give the Special 301 Report more credence, and this can result in them making unwarranted changes to their law in order to placate the USTR. Earlier this year for example, Switzerland responded specifically [PDF] to U.S. criticisms of its copyright system by pointing to its introduction of a "stay down" obligation (which is a synonym for mandatory copyright upload filtering), and its loosening of personal data protection for alleged copyright infringers.

Neither of these changes was required for Switzerland to fulfil its international obligations, and they will likely result in user-generated content platforms abandoning Switzerland for jurisdictions where the regulatory environment is more favorable. Yet despite its unnecessary efforts, Switzerland remains on the Watch List again for the third year running.

A Tired, Repetitive Report

This year's Special 301 Report is a staid, by-the-numbers affair that will satisfy IP maximalist lobbyists, but will disappoint anyone who was expecting a balanced or nuanced look at the differences between U.S. and foreign IP laws and policies, and the reasons for those differences. The report maintains the line that there is only one "adequate and effective" level of IP protection and enforcement that every country should adhere to, regardless of its social and economic circumstances or its international legal obligations. The allegations that it repeats are tired and familiar, such as:

  • Countries like Brazil, Ecuador, Peru, and Taiwan do not effectively criminalize unauthorized camcording in theaters. (They are not required to do so; there is no international obligation for them to recognize this particular method of copyright infringement as a crime.)
  • Countries like Argentina, Brazil, Chile, China, Hong Kong, Indonesia, Mexico, Peru, Singapore, Taiwan, and Vietnam are accused of allowing trade in "Illicit Streaming Devices" (aka. general-purpose computers) that can be used to access copyright-infringing media streams.
  • Some country code domain name registries are accused of failing to "require the registrant to provide true and complete contact information; and make such registration information publicly available." The USTR neglects to point out that in many cases this is a deliberate policy decision due to the application of local data protection law.
An Alternative Approach to the Special 301

In EFF's submission to the USTR in its consultation over this year's report, we pointed out how the report is unbalanced by focusing only on how (some) U.S. businesses benefit from strict levels of IP protection and enforcement, without also considering how (many more) U.S. businesses also benefit from the flexibilities in U.S. intellectual property law, such as the fair use right. In our submission, we pointed out that:

Some of our trading partners do not have a fair use right in their copyright law, and this makes it harder for U.S. companies to conduct business overseas. They may run the risk of committing copyright infringement for activities that create economic and social value, and would be fully legal in the United States. For example, basic technical processes such as indexing, linking, and temporary copying may be found to infringe copyright in countries that lack a fair use doctrine.

We also suggested that the Special 301 process could be used to address the issue of foreign governments attempting to enforce their intellectual property laws on U.S. companies extraterritorially, as occured in the Equustek case. Unfortunately, neither of our suggestions had any influence on the 2018 Special 301 Report. On the contrary, the USTR goes so far as to criticize Canada for the breadth of its "fair dealing" right in copyright law, which is similar to the U.S. fair use right. No criticism is made of countries such as Mexico, which lack any close equivalent to fair use at all.

Impartiality isn't the goal of the Special 301 Report; its goal is to influence the attitudes and behaviors of U.S. trading partners to bring them into alignment with U.S. foreign policy objectives on intellectual property, regardless of whether those objectives reflect our partners' obligations under international law. As such, it continues to well serve the interests of the IP maximalist lobbyists with whom the USTR has a very close relationship. But for those who are looking for a more balanced report, the 2018 Special 301 Report has nothing to offer, and its recommendations carry no weight. 

Categories: Privacy

Iran Bans Use of Telegram Messaging App To Protect 'National Security'

Your rights online - Tue, 05/01/2018 - 12:07
Iran has banned all use of the popular Telegram messaging app. The ban had been introduced to protect "national security," said a statement aired on state television. From a report: Iran had been considering the ban since January when protests over economic grievances erupted in more than 80 cities and later turned into demonstrations against the clerical and security elite of the Islamic Republic. Some hardline officials said protesters used Telegram to organize the rallies, which were ultimately contained by the Revolutionary Guards and their affiliated volunteer Basij militia. The app was temporarily blocked in January. "Considering various complaints against the Telegram social networking app by Iranian citizens, and based on the demand of security organizations to confront the illegal activities of Telegram, the judiciary has banned its usage in Iran," state TV reported. "All Internet providers in Iran must take steps to block Telegram's website and app as of April 30," the judiciary website Mizan quoted a court order as saying.

Read more of this story at Slashdot.

Categories: Privacy

UK Officials Will Summon Mark Zuckerberg To Testify if He Won't Do So Voluntarily

Your rights online - Tue, 05/01/2018 - 11:26
UK officials said Tuesday they will summon Facebook CEO Mark Zuckerberg to testify before Parliament the next time he's in British territory if he does not volunteer to do so. From a report: It would be the first governmental summons for Zuckerberg in the fallout of the Cambridge Analytica data leak and widespread concerns around user privacy. "It's worth noting that, while Mr. Zuckerberg does not normally come under the jurisdiction of the UK Parliament, he will do so the next time he enters the country," Damian Collins, a member of the UK Parliament, wrote in a letter published Tuesday. "There are over 40 million Facebook users in the UK and they deserve to hear accurate answers from the company he created and whether it is able to keep their users' data safe," Collins wrote.

Read more of this story at Slashdot.

Categories: Privacy

Singapore Airport May Use Facial Recognition Systems To Find Late Passengers

Your rights online - Tue, 05/01/2018 - 10:00
Singapore's Changi airport, which is widely touted as one of the best airports in the world, is testing use of facial recognition systems to find late or lost passengers in the airport so they don't delay their flight for everyone else onboard. From a report: Changi Airport is looking at how it can use the latest technologies to solve many problems - from cutting taxiing times on the runway to quicker predictions of flight arrivals. It comes as the island state embarks on a 'smart nation' initiative to utilize technology to improve lives, create economic opportunity and build community ties. However the proposed use of cameras mounted on lampposts that are linked to facial recognition software has raised privacy concerns. Steve Lee, Changi Airport Group's chief information officer, told Reuters that the airport's experiments are not from a "big brother" perspective but solve real problems. "We have lots of reports of lost one possible use case we can think of is, we need to detect and find people who are on the flight. Of course, with permission from the airlines," said Lee.

Read more of this story at Slashdot.

Categories: Privacy

Amazon Web Services Starts Blocking Domain-Fronting

Your rights online - Mon, 04/30/2018 - 21:40
Earlier this month, Google announced it is discontinuing domain fronting, a practice that lets developers disguise their traffic to evade network blocks. Now, Amazon Web Services has announced a similar move to implement a new set of enhanced domain protections specifically designed to stop domain fronting. The Verge reports: In the post, Amazon characterized the change as an effort to stamp out malware. "Tools including malware can use this technique between completely unrelated domains to evade restrictions and blocks that can be imposed at the TLS/SSL layer," the post explained. "No customer ever wants to find that someone else is masquerading as their innocent, ordinary domain." Domain-fronting works by using major cloud providers as a kind of proxy, making a data request seem like it's heading to a major service like Google or Amazon only to be forwarded along to a third party once it reaches the broader internet. Unfortunately for circumvention tools, neither Amazon nor Google will let them pull that trick anymore. Amazon will still allow domain fronting within domains owned by the same customer (or more specifically, listed under the same SSL certificate), but customers can no longer use the technique to disguise where data is going, making it far less useful for blocked apps.

Read more of this story at Slashdot.

Categories: Privacy

Catalog of Missing Devices: Fonts on e-readers

Deep Links - Mon, 04/30/2018 - 20:18

In today's world, your ability to choose something as everyday as a typeface depends on the permission of the company that made your device and the software that runs on it. Choosing your typeface may seem like a novelty, but type design can have far-ranging implications for accessibility (some fonts are optimized for people with dyslexia and other cognitive print disabilities), clarity (other fonts are optimized the minimize the chance of mistaking one character for another, critical for technical applications), and even culture (the right to choose a script that matches the language you're reading can make all the difference).

Categories: Privacy

Volkswagen, Audi Cars Vulnerable To Remote Hacking

Your rights online - Mon, 04/30/2018 - 19:40
An anonymous reader writes: "A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking," reports Bleeping Computer. The vulnerabilities have been successfully tested and verified on Volkswagen Golf GTE and Audi A3 Sportback e-tron models. Researchers say they were able to hack the cars via both WiFi (remote vector) and USB (local vector) connections. Researchers hinted they could have also went after the cars' braking and acceleration system, but stopped due to fear of breaking VW's intellectual property on those systems. "Under certain conditions attackers could listen in to conversations the driver is conducting via a car kit, turn the microphone on and off, as well as gaining access to the complete address book and the conversation history," Computest researchers said in their paper. "Furthermore, due to the vulnerability, there is the possibility of discovering through the navigation system precisely where the driver has been, and to follow the car live wherever it is at any given time," researchers added. VW deployed patches.

Read more of this story at Slashdot.

Categories: Privacy

The Fate of Text and Data Mining in the European Copyright Overhaul

Deep Links - Fri, 04/27/2018 - 12:19

The current European Digital Single Market copyright negotiations involve more than just the terrible upload filter and link tax proposals that have caused so much concern—and not all of the other provisions under negotiation are harmful. We haven't said much about the text and data mining provisions that form part of this ambitious legislative agenda, but as the finalization of the deal is fast approaching, the form of these provisions is now taking shape. The next few weeks will provide Europeans with their last opportunity to guide the text and data mining provisions to support coders rights, open access, and innovation.

Text and data mining, which is the automated processing and analysis of large amounts of published data to create useful new outputs, necessarily involves copying at least some of the original data. Often, that data isn't subject to copyright in the first place, but even when it is, copies made in the course of processing generally fall within the scope of the fair use right in the United States.

But European countries have no such fair use right in their copyright law. Instead, they have a patchwork of narrower user rights, which vary from one country to another. Although some states have introduced rights to conduct text and data mining, there is little consistency between them. As such, the legality of text and data mining conducted in Europe is questionable, even though it doesn't result in the creation of anything that resembles the original input data set. Worse still, Europe also has a separate copyright-like regime of protection for databases, which has no equivalent in the United States. Text and data mining activities could also run afoul of these database rights.

Recognizing the usefulness of text and data mining to scientific research, the European Commission proposed to clarify its legality by adding a new optional text and data mining right to European copyright law. Provided that those exercising the right had lawful access to the input data in the first place, they would not have to acquire any additional license to perform text and data mining on such data, for either commercial or non-commercial purposes—and, importantly, the copyright owner would not be able to prohibit them from doing so by contract.

However the Commission's proposal also contained a number of limitations that made it less useful than it ought to have been. Its three biggest limitations were that:

  • It only allowed research organizations to conduct text and data mining activities, excluding independent researchers, small businesses, libraries and archives, and others who might otherwise wish to make use of the exception.
  • Text and data mining could only be conducted for the purpose of scientific research, excluding other purposes such as education, archival, or literary criticism.
  • It would do nothing to prevent copyright holders from using DRM (digital locks with legal reinforcement) to make the exercise of the right practically impossible.
Proposals to Strengthen or Weaken the Commission's Proposal

In February 2018 an in-depth analysis [PDF] of the provisions was published for the Legal Affairs (JURI) Committee, which has leadership of the Digital Single Market dossier within the European Parliament. This analysis identifies the limitations mentioned above, and provides recommends for addressing some of them; perhaps most notably, "clearly spelling out that both Technological Protection Measures (TPMs) and network security and integrity measures should not undermine the effective application of the exception."

Following up on this, in late March 2018 by a letter to the Legal Affairs (JURI) Committee from a coalition of 28 groups including EIFL (Electronic Information for Libraries), the European University Association (EUA), and Science Europe, made four concrete recommendations that would strengthen the Commission's proposal by:

  • Broadening it to include any person (natural or legal) that has lawful access to content, provided that reproduction or extraction is used for the sole purpose of text and data mining.
  • Affirming that contractual terms restricting the use of the right should be unenforceable.
  • Clarifying that DRM cannot be used to unreasonably restrict the exercise of the right.
  • Allowing datasets created for the purpose of text and data mining to be stored on secured servers for future verification.

But countering these recommendations, some member states would like to weaken the text and data mining right, rather than strengthening it. Last week the Bulgarian Presidency of the Council of the European Union asked member states, [PDF] “Should the scope of the optional exception for text and data mining provided for in Article 3a be limited and to what extent, for example to temporary copies of works and other subject matter which have been made freely available to the public online?” Their answer, expected to be given at Friday's meeting of the Committee of the Permanent Representatives of the Governments of the Member States to the European Union (COREPER), may determine the version of the proposal that goes to a vote.

We are encouraging all our European members to contact their representatives about an upcoming vote on the European copyright proposals in the JURI Committee. Along with the most serious problems with the proposal—the link tax in favor of news publishers (Article 11) and the upload filtering mandate on Internet platforms (Article 13)—the Article 3a text and data mining right is also included in the upcoming vote. When you contact your representatives about the sweeping and dangerous copyright proposals, tell them your thoughts about the importance of protecting text and data mining too. Although the details are complex, you can keep to one simple message—that Articles 11 and 13 should be eliminated, and that Article 3a should be kept and strengthened.

Take Action

Demand fair copyright policies

Categories: Privacy

Defenders of Copyright Troll Victims Urge Congress to Reject the "Small Claims" Bill

Deep Links - Thu, 04/26/2018 - 20:26

A dedicated group of attorneys and technologists from around the U.S. defend Internet users against abuse by copyright trolls. Today, they wrote to the House Judiciary Committee with a warning about the CASE Act, a bill that would create a powerful new “small claims” tribunal at the U.S. Copyright Office in Washington D.C. The CASE Act would give copyright trolls a faster, cheaper way of coercing Internet users to fork over cash “settlements,” bypassing the safeguards against abuse that federal judges have labored to create.

Copyright trolls are companies that turn threats of copyright litigation into profit by accusing Internet users of infringement—typically of pornographic films or independent films that flopped at the box office. Wielding boilerplate legal papers, dubious investigators, and the threat of massive, unpredictable copyright damages, these companies try to coerce Internet users into paying “settlements” of several thousand dollars to avoid litigation. Because their business is built around litigation threats, not the creative work itself, copyright trolls aren’t very careful about making sure the people they accuse actually infringed a copyright. In fact, since profitable copyright trolling depends on targeting thousands of Internet users, trolls have an incentive not to investigate their claims carefully before filing suit.

Trolling is a massive problem. Between 2014 and 2016, copyright troll lawsuits constituted just under 50% of all copyright cases on the federal dockets. Overall, since 2010, researchers have estimated the number of Internet users targeted at over 170,000 - and that’s probably a low estimate.

These schemes have a human cost. Targets have included many elderly retirees who don’t use the Internet, who are often coerced into paying settlements. Others are documented immigrants with a green card or work visa, who must pay to avoid litigation that could imperil their immigration status.

Still others are homeowners, apartment managers, and leaseholders—whoever’s name is on the ISP bill. Copyright trolls force them to choose between paying a cash settlement or becoming part of the shakedown by interrogating their tenants, family members, roommates, or houseguests about their Internet use, despite having no legal responsibility to police that use.

The federal courts have cracked down on copyright trolling, by requiring copyright holders to present solid evidence of infringement before the courts will issue a subpoena to unmask an anonymous Internet user. Some courts have even begun to review settlement demand letters to ensure that they don’t use abusive methods.

The CASE Act, H.R. 3945, would reverse this progress by giving copyright trolls a whole new, and more favorable, legal forum. In particular, the bill would

  • allow the Copyright Office to issue subpoenas for the identity of an Internet user, who can then be targeted for harassment and threats;
  • do away with the requirement that copyright holders register their works before infringement begins in order to recover automatic statutory damages, which weeds out frivolous claims;
  • allow the Copyright Office to issue $5,000 copyright “parking tickets” through a truncated process, with no true right of appeal.

The opponents of copyright trolling who signed the letter are concerned about giving the Copyright Office these powers, bypassing the federal courts. Given that the Copyright Office calls rightsholders its “customers,” and often favors rightsholders’ interests over those of the broader public, we don’t trust a Copyright Office panel to give careful protection to the accused.

The House is considering a few copyright bills this spring. This week, it voted to approve three of them: the Music Modernization Act, the CLASSICS Act, and the AMP Act. Wisely, they left the CASE Act off the schedule—perhaps because of its controversial provisions—but the bill could still come up for a vote.

The CASE Act is supported by photographers who want a faster, cheaper way to bring infringement claims. But creating a new federal administrative tribunal with the power to issue fines against ordinary Internet users is dangerous. Aid to photographers can’t come at the expense of inviting more copyright troll abuse. Legislators should heed the words of professionals who defend the public against this form of abuse. They should reject the CASE Act.

Categories: Privacy

Oakland Should Ensure Community Control of Surveillance Technology

Deep Links - Thu, 04/26/2018 - 18:33

The Northern California cities of Berkeley and Davis began the year with successful community efforts to demand transparency and oversight in their community’s acquisition of surveillance technology. With tax season just days behind us, U.S. communities continue to focus on gaining control and transparency over whether their hard-earned tax dollars are used to acquire surveillance technologies that threaten our fundamental privacy, disparately burden people of color, and threaten immigrant communities.

Community organizers in the East Bay—having already successfully defeated plans to have the Port of Oakland’s Domain Awareness Center expand into a city-wide surveillance apparatus—are well-poised to make Oakland the next U.S. city to adopt a law that would ensure substantial community controls over law enforcement acquisition and use of surveillance technology.

The power to decide whether these tools are acquired, and how they are used, should not stand unilaterally with agency executives. Instead, elected City Council members should be empowered with the authority to decide whether to approve or reject surveillance technology. Most importantly, all residents must be provided an opportunity to comment on proposed surveillance technologies, and the policies guiding their use, before representatives decide whether to adopt them.

Oakland’s Surveillance and Community Safety Ordinance enshrines these rights by requiring that city agencies submit use policies to the City Council for approval before acquiring surveillance technology, and that the City Council provide notice and an opportunity for public comment before approving these requests. To assure compliance, and that any approved equipment does indeed serve its stated purpose, the law would additionally require annual use reports including any violations of the existing policy.




In many cities across the country, local law enforcement and other city agencies acquire surveillance technology—such as cell-site simulators, automated license plate readers (ALPR), and face recognition equipment—with little or no oversight or public input. In some cases, manufacturers require city agencies to sign non-disclosure agreements prohibiting the sharing of basic information about the types of equipment, the equipment’s capabilities, how the equipment is used, and how much it cost. Compounding this problem, many agencies lack use policies outlining how and under what circumstances the equipment may be used, or with what outside entities information collected by the technology may be shared.

Many communities are increasingly worried that surveillance technologies are a threat to immigrant communities. For example, the City of Alameda recently sidelined a proposal to expand its ALPR system, because of resident concerns that the resulting ALPR data might be used for immigration enforcement against their neighbors.

Since the early days of the fight to rein in the expansion of Oakland’s Domain Awareness Center, we have worked alongside local and national partners, including our Electronic Frontier Alliance ally Oakland Privacy, on empowering communities to take control of surveillance equipment policy and acquisition. These coalitions have supported cities across the United States in proposing ordinances that would provide transparency, accountability, and oversight measures.

In April, the City of Oakland’s Public Safety Committee voted unanimously to approve the proposed Surveillance and Community Safety Ordinance. With this strong show of support from the committee and the community, the ordinance is expected to go before the full City Council as soon as Tuesday, May 1.

As we wrote in the letter of support we submitted along with the Freedom of The Press Foundation in May 2017:

Public safety requires trust between government and the community served. To ensure that trust, Oakland needs a participatory process for deciding whether or not to adopt new government surveillance technologies, and ongoing transparency and oversight of any adopted technologies.

As federal agencies continue to erode our privacy, and target our Muslim and immigrant neighbors, we must insist that state and local elected officials take every opportunity to protect our most basic civil rights and civil liberties.

Oakland residents should contact their city council representative, and urge them to vote to pass the Surveillance and Community Safety Ordinance. Across the U.S., Electronic Frontier Alliance allies are building support for similar transparency and oversight measures within their own cities and towns. To join an Electronic Frontier Alliance member organization in your community, or to find out how your group can become a member, visit

Categories: Privacy
Syndicate content