Group items tagged

This June 5th, I pledge to take strong steps to protect my freedom from government mass surveillance. I expect the services I use to do the same.

Fight for the Future and Center for Rights will contact you about future campaigns. Privacy Policy

We have a problem when it comes to stopping mass surveillance.  The entity that’s conducting the most extreme and far-reaching surveillance against most of the world’s communications—the National Security Agency—is bound by United States law.  That’s good news for Americans. U.S. law and the Constitution protect American citizens and legal residents from warrantless surveillance. That means we have a very strong legal case to challenge mass surveillance conducted domestically or that sweeps in Americans’ communications.  Similarly, the United States Congress is elected by American voters. That means Congressional representatives are beholden to the American people for their jobs, so public pressure from constituents can help influence future laws that might check some of the NSA’s most egregious practices. But what about everyone else? What about the 96% of the world’s population who are citizens of other countries, living outside U.S. borders. They don't get a vote in Congress. And current American legal protections generally only protect citizens, legal residents, or those physically located within the United States. So what can EFF do to protect the billions of people outside the United States who are victims of the NSA’s spying?

For years, we’ve been working on a strategy to end mass surveillance of digital communications of innocent people worldwide. Today we’re laying out the plan, so you can understand how all the pieces fit together—that is, how U.S. advocacy and policy efforts connect to the international fight and vice versa. Decide for yourself where you can get involved to make the biggest difference. This plan isn’t for the next two weeks or three months. It’s a multi-year battle that may need to be revised many times as we better understand the tools and authorities of entities engaged in mass surveillance and as more disclosures by whistleblowers help shine light on surveillance abuses.

An internal CIA investigation confirmed allegations that agency personnel improperly intruded into a protected database used by Senate Intelligence Committee staff to compile a scathing report on the agency’s detention and interrogation program, prompting bipartisan outrage and at least two calls for spy chief John Brennan to resign.“This is very, very serious, and I will tell you, as a member of the committee, someone who has great respect for the CIA, I am extremely disappointed in the actions of the agents of the CIA who carried out this breach of the committee’s computers,” said Sen. Saxby Chambliss, R-Ga., the committee’s vice chairman.

The rare display of bipartisan fury followed a three-hour private briefing by Inspector General David Buckley. His investigation revealed that five CIA employees, two lawyers and three information technology specialists improperly accessed or “caused access” to a database that only committee staff were permitted to use.Buckley’s inquiry also determined that a CIA crimes report to the Justice Department alleging that the panel staff removed classified documents from a top-secret facility without authorization was based on “inaccurate information,” according to a summary of the findings prepared for the Senate and House intelligence committees and released by the CIA.In other conclusions, Buckley found that CIA security officers conducted keyword searches of the emails of staffers of the committee’s Democratic majority _ and reviewed some of them _ and that the three CIA information technology specialists showed “a lack of candor” in interviews with Buckley’s office.

The inspector general’s summary did not say who may have ordered the intrusion or when senior CIA officials learned of it.Following the briefing, some senators struggled to maintain their composure over what they saw as a violation of the constitutional separation of powers between an executive branch agency and its congressional overseers.“We’re the only people watching these organizations, and if we can’t rely on the information that we’re given as being accurate, then it makes a mockery of the entire oversight function,” said Sen. Angus King, an independent from Maine who caucuses with the Democrats.The findings confirmed charges by the committee chairwoman, Sen. Dianne Feinstein, D-Calif., that the CIA intruded into the database that by agreement was to be used by her staffers compiling the report on the harsh interrogation methods used by the agency on suspected terrorists held in secret overseas prisons under the George W. Bush administration.The findings also contradicted Brennan’s denials of Feinstein’s allegations, prompting two panel members, Sens. Mark Udall, D-Colo., and Martin Heinrich, D-N.M., to demand that the spy chief resign.

A district court in California has issued a ruling in favor of the National Security Agency in a long-running case over the spy agency’s collection of Internet records.The challenge against the controversial Upstream program was tossed out because additional defense from the government would have required “impermissible disclosure of state secret information,” Judge Jeffrey White wrote in his decision.ADVERTISEMENTUnder the program — details of which were revealed through leaks from Edward Snowden and others — the NSA taps into the fiber cables that make up the backbone of the Internet and gathers information about people's online and phone communications. The agency then filters out communications of U.S. citizens, whose data is protected with legal defenses not extended to foreigners, and searches for “selectors” tied to a terrorist or other target.In 2008, the Electronic Frontier Foundation (EFF) sued the government over the program on behalf of five AT&T customers, who said that the collection violated the constitutional protections to privacy and free speech.

But “substantial details” about the program still remain classified, White, an appointee under former President George W. Bush, wrote in his decision. Moving forward with the merits of a trial would risk “exceptionally grave damage to national security,” he added. <A HREF="http://ws-na.amazon-adsystem.com/widgets/q?rt=tf_mfw&ServiceVersion=20070822&MarketPlace=US&ID=V20070822%2FUS%2Fthehill07-20%2F8001%2Fdffbe72d-f425-4b83-b07e-357ae9d405f6&Operation=NoScript">Amazon.com Widgets</A> The government has been “persuasive” in using its state secrets privilege, he continued, which allows it to withhold evidence from a case that could severely jeopardize national security.   In addition to saying that the program appeared constitutional, the judge also found that the AT&T customers did not even have the standing to sue the NSA over its data gathering.While they may be AT&T customers, White wrote that the evidence presented to the court was “insufficient to establish that the Upstream collection process operates in the manner” that they say it does, which makes it impossible to tell if their information was indeed collected in the NSA program.  The decision is a stinging rebuke to critics of the NSA, who have seen public interest in their cause slowly fade in the months since Snowden’s revelations.

The EFF on Tuesday evening said that it was considering next steps and noted that the court focused on just one program, not the totality of the NSA’s controversial operations.“It would be a travesty of justice if our clients are denied their day in court over the ‘secrecy’ of a program that has been front-page news for nearly a decade,” the group said in a statement.“We will continue to fight to end NSA mass surveillance.”The name of the case is Jewel v. NSA. 

Thousands of people are signing up to join an unprecedented legal campaign against the United Kingdom’s leading electronic surveillance agency. On Monday, London-based human rights group Privacy International launched an initiative enabling anyone across the world to challenge covert spying operations involving Government Communications Headquarters, or GCHQ, the National Security Agency’s British counterpart. The campaign was made possible following a historic court ruling earlier this month that deemed intelligence sharing between GCHQ and the NSA to have been unlawful because of the extreme secrecy shrouding it.

Consequently, members of the public now have a rare opportunity to take part in a lawsuit against the spying in the Investigatory Powers Tribunal, a special British court that handles complaints about surveillance operations conducted by law enforcement and intelligence agencies. Privacy International is allowing anyone who wants to participate to submit their name, email address and phone number through a page on its website. The group plans to use the details to lodge a case with GCHQ and the court that will seek to discover whether each participant’s emails or phone calls have been covertly obtained by the agency in violation of the privacy and freedom of expression provisions of the European Convention on Human Rights. If it is established that any of the communications have been unlawfully collected, the court could force GCHQ to delete them from its vast repositories of intercepted data.

By Tuesday evening, more than 10,000 people had already signed up to the campaign, a spokesman for Privacy International told The Intercept. In a statement announcing the campaign on Monday, Eric King, deputy director of Privacy International, said: “The public have a right to know if they were illegally spied on, and GCHQ must come clean on whose records they hold that they should never have had in the first place. “We have known for some time that the NSA and GCHQ have been engaged in mass surveillance, but never before could anyone explicitly find out if their phone calls, emails, or location histories were unlawfully shared between the U.S. and U.K. “There are few chances that people have to directly challenge the seemingly unrestrained surveillance state, but individuals now have a historic opportunity finally hold GCHQ accountable for their unlawful actions.”

 The United States Telecom Association has filed a lawsuit to overturn the net neutrality rules set by the Federal Communications Commission this past February. In its Monday morning Press Release USTelecom, who represents Verizon and AT&T among others, said it filed a lawsuit in the US Court of Appeals for the District of Columbia joining a similar law suit filed by Alamo Broadband Inc.

The Federal Communications Commission (FCC) published its net neutrality rules in the Federal Register on Monday and, according to procedure, that began a 60-day countdown until they go into effect (June 12). Their publication also opened a 30-day window for Internet service providers to appeal.  USTelecom and Alamo Broadband wasted no time.  USTelecom filed a previous action preserving the issue according to local court rule prior to the formal petition in March.

The rules, which were voted on in February, reclassify broadband under Title II of the 1934 Communications Act and require that ISPs transmit all Web traffic at the same speed. Over 400 pages long, USTelecom filed a CD of the rules as an exhibit with its action. This suit is predicted to be the first of many, as broadband groups like AT&T to congressional Republicans have signaled that they plan to fight the decision.

Three cases that likely lay the groundwork for a major privacy battle at the U.S. Supreme Court are pending before federal appeals courts, whose judges are taking their time announcing whether they believe the dragnet collection of Americans' phone records is legal. It’s been more than five months since the American Civil Liberties Union argued against the National Security Agency program in New York, three months since legal activist Larry Klayman defended his thus far unprecedented preliminary injunction win in Washington, D.C., and two months since Idaho nurse Anna Smith’s case was heard by appeals judges in Seattle. At the district court level, judges handed down decisions about a month after oral arguments in the cases. It’s unclear what accounts for the delay. It’s possible judges are meticulously crafting opinions that are likely to receive wide coverage, or that members of the three-judge panels are clashing on the appropriate decision.

Attorneys involved in the cases understandably are reluctant to criticize the courts, but all express hope for speedy resolution of their fights against alleged violations of Americans’ Fourth Amendment rights.

Though it’s difficult to accurately predict court decisions based on oral arguments, opponents of the mass surveillance program may have reason for optimism.

The new rules for exemptions to copyright's DRM-circumvention laws were issued today, and the Librarian of Congress has granted much of what EFF asked for over the course of months of extensive briefs and hearings. The exemptions we requested—ripping DVDs and Blurays for making fair use remixes and analysis; preserving video games and running multiplayer servers after publishers have abandoned them; jailbreaking cell phones, tablets, and other portable computing devices to run third party software; and security research and modification and repairs on cars—have each been accepted, subject to some important caveats.

The exemptions are needed thanks to a fundamentally flawed law that forbids users from breaking DRM, even if the purpose is a clearly lawful fair use. As software has become ubiquitous, so has DRM.  Users often have to circumvent that DRM to make full use of their devices, from DVDs to games to smartphones and cars. The law allows users to request exemptions for such lawful uses—but it doesn’t make it easy. Exemptions are granted through an elaborate rulemaking process that takes place every three years and places a heavy burden on EFF and the many other requesters who take part. Every exemption must be argued anew, even if it was previously granted, and even if there is no opposition. The exemptions that emerge are limited in scope. What is worse, they only apply to end users—the people who are actually doing the ripping, tinkering, jailbreaking, or research—and not to the people who make the tools that facilitate those lawful activities. The section of the law that creates these restrictions—the Digital Millennium Copyright Act's Section 1201—is fundamentally flawed, has resulted in myriad unintended consequences, and is long past due for reform or removal altogether from the statute books. Still, as long as its rulemaking process exists, we're pleased to have secured the following exemptions.

The new rules are long and complicated, and we'll be posting more details about each as we get a chance to analyze them. In the meantime, we hope each of these exemptions enable more exciting fair uses that educate, entertain, improve the underlying technology, and keep us safer. A better long-terms solution, though, is to eliminate the need for this onerous rulemaking process. We encourage lawmakers to support efforts like the Unlocking Technology Act, which would limit the scope of Section 1201 to copyright infringements—not fair uses. And as the White House looks for the next Librarian of Congress, who is ultimately responsible for issuing the exemptions, we hope to get a candidate who acts—as a librarian should—in the interest of the public's access to information.

In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement.

On Tuesday, the public got its first glimpse of what those efforts may look like when a federal judge ordered Apple to create a special tool for the FBI to bypass security protections on an iPhone 5c belonging to one of the shooters in the Dec. 2 terrorist attack in San Bernardino, California that killed 14 people. Apple Chief Executive Officer Tim Cook has vowed to fight the order, calling it a “chilling” demand that Apple “hack our own users and undermine decades of security advancements that protect our customers.” The order was not a direct outcome of the memo but is in line with the broader government strategy.White House spokesman Josh Earnest said Wednesday that the Federal Bureau of Investigation and Department of Justice have the Obama administration’s “full” support in the matter. The government is “not asking Apple to redesign its product or to create a new backdoor to their products,” but rather are seeking entry “to this one device,” he said.

Pending before federal magistrate judge James Orenstein is the government’s request for an order obligating Apple, Inc. to unlock an iPhone and thereby assist prosecutors in decrypting data the government has seized and is authorized to search pursuant to a warrant. In an order questioning the government’s purported legal basis for this request, the All Writs Act of 1789 (AWA), Judge Orenstein asked Apple for a brief informing the court whether the request would be technically feasible and/or burdensome. After Apple filed, the court asked it to file a brief discussing whether the government had legal grounds under the AWA to compel Apple’s assistance. Apple filed that brief and the government filed a reply brief last week in the lead-up to a hearing this morning.

We’ve long been concerned about whether end users own software under the law. Software owners have rights of adaptation and first sale enshrined in copyright law. But software publishers have claimed that end users are merely licensees, and our rights under copyright law can be waived by mass-market end user license agreements, or EULAs. Over the years, Granick has argued that users should retain their rights even if mass-market licenses purport to take them away. The government’s brief takes advantage of Apple’s EULA for iOS to argue that Apple, the software publisher, is responsible for iPhones around the world. Apple’s EULA states that when you buy an iPhone, you’re not buying the iOS software it runs, you’re just licensing it from Apple. The government argues that having designed a passcode feature into a copy of software which it owns and licenses rather than sells, Apple can be compelled under the All Writs Act to bypass the passcode on a defendant’s iPhone pursuant to a search warrant and thereby access the software owned by Apple. Apple’s supplemental brief argues that in defining its users’ contractual rights vis-à-vis Apple with regard to Apple’s intellectual property, Apple in no way waived its own due process rights vis-à-vis the government with regard to users’ devices. Apple’s brief compares this argument to forcing a car manufacturer to “provide law enforcement with access to the vehicle or to alter its functionality at the government’s request” merely because the car contains licensed software. 

This is an interesting twist on the decades-long EULA versus users’ rights fight. As far as we know, this is the first time that the government has piggybacked on EULAs to try to compel software companies to provide assistance to law enforcement. Under the government’s interpretation of the All Writs Act, anyone who makes software could be dragooned into assisting the government in investigating users of the software. If the court adopts this view, it would give investigators immense power. The quotidian aspects of our lives increasingly involve software (from our cars to our TVs to our health to our home appliances), and most of that software is arguably licensed, not bought. Conscripting software makers to collect information on us would afford the government access to the most intimate information about us, on the strength of some words in some license agreements that people never read. (And no wonder: The iPhone’s EULA came to over 300 pages when the government filed it as an exhibit to its brief.)

AFTER MORE THAN a month of insisting that Apple weaken its security to help the FBI break into San Bernardino killer Syed Rizwan Farook’s iPhone, the government has dropped its legal fight. “The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple,” wrote attorneys for the Department of Justice on Monday evening. It’s not yet known if anything valuable was stored on the phone, however. “The FBI is currently reviewing the information on the phone, consistent with standard investigatory procedures,” said Department of Justice spokesperson Melanie Newman in a statement.

It finally happened. The feds forced an Apple iPhone X owner to unlock their device with their face.A child abuse investigation unearthed by Forbes includes the first known case in which law enforcement used Apple Face ID facial recognition technology to open a suspect's iPhone. That's by any police agency anywhere in the world, not just in America.It happened on August 10, when the FBI searched the house of 28-year-old Grant Michalski, a Columbus, Ohio, resident who would later that month be charged with receiving and possessing child pornography. With a search warrant in hand, a federal investigator told Michalski to put his face in front of the phone, which he duly did. That allowed the agent to pick through the suspect's online chats, photos and whatever else he deemed worthy of investigation.The case marks another significant moment in the ongoing battle between law enforcement and tech providers, with the former trying to break the myriad security protections put in place by the latter. Since the fight between the world's most valuable company and the FBI in San Bernardino over access to an iPhone in 2016, Forbes has been tracking the various ways cops have been trying to break Apple's protections.

The U.S. Department of Homeland Security (DHS) is quietly building what will likely become the largest database of biometric and biographic data on citizens and foreigners in the United States. The agency’s new Homeland Advanced Recognition Technology (HART) database will include multiple forms of biometrics—from face recognition to DNA, data from questionable sources, and highly personal data on innocent people. It will be shared with federal agencies outside of DHS as well as state and local law enforcement and foreign governments. And yet, we still know very little about it.The records DHS plans to include in HART will chill and deter people from exercising their First Amendment protected rights to speak, assemble, and associate. Data like face recognition makes it possible to identify and track people in real time, including at lawful political protests and other gatherings. Other data DHS is planning to collect—including information about people’s “relationship patterns” and from officer “encounters” with the public—can be used to identify political affiliations, religious activities, and familial and friendly relationships. These data points are also frequently colored by conjecture and bias.

DHS currently collects a lot of data. Its legacy IDENT fingerprint database contains information on 220-million unique individuals and processes 350,000 fingerprint transactions every day. This is an exponential increase from 20 years ago when IDENT only contained information on 1.8-million people. Between IDENT and other DHS-managed databases, the agency manages over 10-billion biographic records and adds 10-15 million more each week.

DHS’s new HART database will allow the agency to vastly expand the types of records it can collect and store. HART will support at least seven types of biometric identifiers, including face and voice data, DNA, scars and tattoos, and a blanket category for “other modalities.” It will also include biographic information, like name, date of birth, physical descriptors, country of origin, and government ID numbers. And it will include data we know to by highly subjective, including information collected from officer “encounters” with the public and information about people’s “relationship patterns.”

Why did the internet freedom agenda fail? Goldsmith’s essay tees up, but does not fully explore, a range of explanatory hypotheses. The most straightforward have to do with unrealistic expectations and unintended consequences. The idea that a minimally regulated internet would usher in an era of global peace, prosperity, and mutual understanding, Goldsmith tells us, was always a fantasy. As a project of democracy and human rights promotion, the internet freedom agenda was premised on a wildly overoptimistic view about the capacity of information flows, on their own, to empower oppressed groups and effect social change. Embracing this market-utopian view led the United States to underinvest in cybersecurity, social media oversight, and any number of other regulatory tools. In suggesting this interpretation of where U.S. policymakers and their civil society partners went wrong, Goldsmith’s essay complements recent critiques of the neoliberal strains in the broader human rights and transparency movements. Perhaps, however, the internet freedom agenda has faltered not because it was so naïve and unrealistic, but because it was so effective at achieving its realist goals. The seeds of this alternative account can be found in Goldsmith’s concession that the commercial non-regulation principle helped companies like Apple, Google, Facebook, and Amazon grab “huge market share globally.” The internet became an increasingly valuable cash cow for U.S. firms and an increasingly potent instrument of U.S. soft power over the past two decades; foreign governments, in due course, felt compelled to fight back. If the internet freedom agenda is understood as fundamentally a national economic project, rather than an international political or moral crusade, then we might say that its remarkable early success created the conditions for its eventual failure. Goldsmith’s essay also points to a third set of possible explanations for the collapse of the internet freedom agenda, involving its internal contradictions. Magaziner’s notion of a completely deregulated marketplace, if taken seriously, is incoherent. As Goldsmith and Tim Wu have discussed elsewhere, it takes quite a bit of regulation for any market, including markets related to the internet, to exist and to work. And indeed, even as Magaziner proposed “complete deregulation” of the internet, he simultaneously called for new legal protections against computer fraud and copyright infringement, which were soon followed by extensive U.S. efforts to penetrate foreign networks and to militarize cyberspace. Such internal dissonance was bound to invite charges of opportunism, and to render the American agenda unstable.