Group items tagged

In a sweeping victory for privacy rights in the digital age, the Supreme Court on Wednesday unanimously ruled that the police need warrants to search the cellphones of people they arrest.While the decision will offer protection to the 12 million people arrested every year, many for minor crimes, its impact will most likely be much broader. The ruling almost certainly also applies to searches of tablet and laptop computers, and its reasoning may apply to searches of homes and businesses and of information held by third parties like phone companies.“This is a bold opinion,” said Orin S. Kerr, a law professor at George Washington University. “It is the first computer-search case, and it says we are in a new digital age. You can’t apply the old rules anymore.”

That is why I am proposing that the FCC use its Title II authority to implement and enforce open internet protections. Using this authority, I am submitting to my colleagues the strongest open internet protections ever proposed by the FCC. These enforceable, bright-line rules will ban paid prioritization, and the blocking and throttling of lawful content and services. I propose to fully apply—for the first time ever—those bright-line rules to mobile broadband. My proposal assures the rights of internet users to go where they want, when they want, and the rights of innovators to introduce new products without asking anyone’s permission. All of this can be accomplished while encouraging investment in broadband networks. To preserve incentives for broadband operators to invest in their networks, my proposal will modernize Title II, tailoring it for the 21st century, in order to provide returns necessary to construct competitive networks. For example, there will be no rate regulation, no tariffs, no last-mile unbundling. Over the last 21 years, the wireless industry has invested almost $300 billion under similar rules, proving that modernized Title II regulation can encourage investment and competition.

 The United States Telecom Association has filed a lawsuit to overturn the net neutrality rules set by the Federal Communications Commission this past February. In its Monday morning Press Release USTelecom, who represents Verizon and AT&T among others, said it filed a lawsuit in the US Court of Appeals for the District of Columbia joining a similar law suit filed by Alamo Broadband Inc.

The Federal Communications Commission (FCC) published its net neutrality rules in the Federal Register on Monday and, according to procedure, that began a 60-day countdown until they go into effect (June 12). Their publication also opened a 30-day window for Internet service providers to appeal.  USTelecom and Alamo Broadband wasted no time.  USTelecom filed a previous action preserving the issue according to local court rule prior to the formal petition in March.

The rules, which were voted on in February, reclassify broadband under Title II of the 1934 Communications Act and require that ISPs transmit all Web traffic at the same speed. Over 400 pages long, USTelecom filed a CD of the rules as an exhibit with its action. This suit is predicted to be the first of many, as broadband groups like AT&T to congressional Republicans have signaled that they plan to fight the decision.

The five-week court hearing in what is a complex case delving into detail on US surveillance operations took place in February. The court issued its ruling today. The 153-page ruling starts by noting “this is an unusual case”, before going into a detailed discussion of the arguments and concluding that the DPC’s concerns about the validity of SCCs should be referred to the European Court of Justice for a preliminary ruling. Schrems is also the man responsible for bringing, in 2013, a legal challenge that ultimately struck down Safe Harbor — the legal mechanism that had oiled the pipe for EU-US personal data flows for fifteen years before the ECJ ruled it to be invalid in October 2015. Schrems’ argument had centered on U.S. government mass surveillance programs, as disclosed via the Snowden leaks, being incompatible with fundamental European privacy rights. After the ECJ struck down Safe Harbor he then sought to apply the same arguments against Facebook’s use of SCCs — returning to Ireland to make the complaint as that’s where the company has its European HQ. It’s worth noting that the European Commission has since replaced Safe Harbor with a new (and it claims more robust) data transfer mechanism, called the EU-US Privacy Shield — which is now, as Safe Harbor was, used by thousands of businesses. Although that too is facing legal challenges as critics continue to argue there is a core problem of incompatibility between two distinct legal regimes where EU privacy rights collide with US mass surveillance.

In a written statement on the ruling Schrems added: “I welcome the judgement by the Irish High Court. It is important that a neutral Court outside of the US has summarized the facts on US surveillance in a judgement, after diving through more than 45,000 pages of documents in a five week hearing.

Making a video statement outside court in Dublin today, Schrems said the Irish court had dismissed Facebook’s argument that the US government does not undertake any surveillance.

Theresa May is planning to introduce huge regulations on the way the internet works, allowing the government to decide what is said online. Particular focus has been drawn to the end of the manifesto, which makes clear that the Tories want to introduce huge changes to the way the internet works. "Some people say that it is not for government to regulate when it comes to technology and the internet," it states. "We disagree." Senior Tories confirmed to BuzzFeed News that the phrasing indicates that the government intends to introduce huge restrictions on what people can post, share and publish online. The plans will allow Britain to become "the global leader in the regulation of the use of personal data and the internet", the manifesto claims. It comes just soon after the Investigatory Powers Act came into law. That legislation allowed the government to force internet companies to keep records on their customers' browsing histories, as well as giving ministers the power to break apps like WhatsApp so that messages can be read. The manifesto makes reference to those increased powers, saying that the government will work even harder to ensure there is no "safe space for terrorists to be able to communicate online". That is apparently a reference in part to its work to encourage technology companies to build backdoors into their encrypted messaging services – which gives the government the ability to read terrorists' messages, but also weakens the security of everyone else's messages, technology companies have warned.

The government now appears to be launching a similarly radical change in the way that social networks and internet companies work. While much of the internet is currently controlled by private businesses like Google and Facebook, Theresa May intends to allow government to decide what is and isn't published, the manifesto suggests. The new rules would include laws that make it harder than ever to access pornographic and other websites. The government will be able to place restrictions on seeing adult content and any exceptions would have to be justified to ministers, the manifesto suggests. The manifesto even suggests that the government might stop search engines like Google from directing people to pornographic websites. "We will put a responsibility on industry not to direct users – even unintentionally – to hate speech, pornography, or other sources of harm," the Conservatives write.

The laws would also force technology companies to delete anything that a person posted when they were under 18. But perhaps most unusually they would be forced to help controversial government schemes like its Prevent strategy, by promoting counter-extremist narratives. "In harnessing the digital revolution, we must take steps to protect the vulnerable and give people confidence to use the internet without fear of abuse, criminality or exposure to horrific content", the manifesto claims in a section called 'the safest place to be online'. The plans are in keeping with the Tories' commitment that the online world must be regulated as strongly as the offline one, and that the same rules should apply in both. "Our starting point is that online rules should reflect those that govern our lives offline," the Conservatives' manifesto says, explaining this justification for a new level of regulation. "It should be as unacceptable to bully online as it is in the playground, as difficult to groom a young child on the internet as it is in a community, as hard for children to access violent and degrading pornography online as it is in the high street, and as difficult to commit a crime digitally as it is physically."

India is the world’s largest democracy and is home to 13.5 percent of the world’s internet users. So the Indian Supreme Court’s August ruling that privacy is a fundamental, constitutional right for all of the country’s 1.32 billion citizens was momentous. But now, close to three months later, it’s still unclear exactly how the decision will be implemented. Will it change everything for internet users? Or will the status quo remain? The most immediate consequence of the ruling is that tech companies such as Facebook, Twitter, Google, and Alibaba will be required to rein in their collection, utilization, and sharing of Indian user data. But the changes could go well beyond technology. If implemented properly, the decision could affect national politics, business, free speech, and society. It could encourage the country to continue to make large strides toward increased corporate and governmental transparency, stronger consumer confidence, and the establishment and growth of the Indian “individual” as opposed to the Indian collective identity. But that’s a pretty big if. Advertisement The privacy debate in India was in many ways sparked by a controversy that has shaken up the landscape of national politics for several months. It began in 2016 as a debate around a social security program that requires participating citizens to obtain biometric, or Aadhaar, cards. Each card has a unique 12-digit number and records an individual’s fingerprints and irises in order to confirm his or her identity. The program was devised to increase the ease with which citizens could receive social benefits and avoid instances of fraud. Over time, Aadhaar cards have become mandatory for integral tasks such as opening bank accounts, buying and selling property, and filing tax returns, much to the chagrin of citizens who are uncomfortable about handing over their personal data. Before the ruling, India had weak privacy protections in place, enabling unchecked data collection on citizens by private companies and the government. Over the past year, a number of large-scale data leaks and breaches that have impacted major Indian corporations, as well as the Aadhaar program itself, have prompted users to start asking questions about the security and uses of their personal data.

n order to bolster the ruling the government will also be introducing a set of data protection laws that are to be developed by a committee led by retired Supreme Court judge B.N. Srikrishna. The committee will study the data protection landscape, develop a draft Data Protection Bill, and identify how, and whether, the Aadhaar Act should be amended based on the privacy ruling.

Should the data protection laws be implemented in an enforceable manner, the ruling will significantly impact the business landscape in India. Since the election of Prime Minister Narendra Modi in May 2014, the government has made fostering and expanding the technology and startup sector a top priority. The startup scene has grown, giving rise to several promising e-commerce companies, but in 2014, only 12 percent of India’s internet users were online consumers. If the new data protection laws are truly impactful, companies will have to accept responsibility for collecting, utilizing, and protecting user data safely and fairly. Users would also have a stronger form of redress when their newly recognized rights are violated, which could transform how they engage with technology. This has the potential to not only increase consumer confidence but revitalize the Indian business sector, as it makes it more amenable and friendly to outside investors, users, and collaborators.

Brussels, 18 March 2013 -- More than 35 European and United States civil society organisations insist that a proposed trade agreement between the EU and the US exclude any provisions related to patents, copyright, trademarks, or other forms of so-called "intellectual property". Such provisions could impede citizens' rights to health, culture, and free expression and otherwise affect their daily lives.

The civil society organisations also insist that the EU and US will release the negotiating texts of the trade agreement they intend to negotiate. They believe that secretive "trade" negotiations are absolutely unacceptable forums for devising binding rules that change national non-trade laws.

We, the undersigned, are internet freedom and public health groups, activists, and other public interest leaders dedicated to the rights of all people to access cultural and educational resources and affordable medicines, to enjoy a free and open internet, and to benefit from open and needs-driven innovation. First, we insist that the European Union and United States release, in timely and ongoing fashion, any and all negotiating or pre-negotiation texts. We believe that secretive "trade" negotiations are absolutely unacceptable forums for devising binding rules that change national non-trade laws. Second, we insist that the proposed TAFTA exclude any provisions related to patents, copyright, trademarks, data protection, geographical indications, or other forms of so-called "intellectual property". Such provisions could impede our rights to health, culture, and free expression and otherwise affect our daily lives.

In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don’t have clear, enforceable rules for government activities like hacking and "digital sabotage." And this is no abstract question—these actions increasingly endanger everyone’s security

The problem became especially clear this year during the San Bernardino case, involving the FBI’s demand that Apple rewrite its iOS operating system to defeat security features on a locked iPhone. Ultimately the FBI exploited an existing vulnerability in iOS and accessed the contents of the phone with the help of an "outside party." Then, with no public process or discussion of the tradeoffs involved, the government refused to tell Apple about the flaw. Despite the obvious fact that the security of the computers and networks we all use is both collective and interwoven—other iPhones used by millions of innocent people presumably have the same vulnerability—the government chose to withhold information Apple could have used to improve the security of its phones. Other examples include intelligence activities like Stuxnet and Bullrun, and law enforcement investigations like the FBI’s mass use of malware against Tor users engaged in criminal behavior. These activities are often disproportionate to stopping legitimate threats, resulting in unpatched software for millions of innocent users, overbroad surveillance, and other collateral effects.  That’s why we’re working on a positive agenda to confront governmental threats to digital security. Put more directly, we’re calling on lawyers, advocates, technologists, and the public to demand a public discussion of whether, when, and how governments can be empowered to break into our computers, phones, and other devices; sabotage and subvert basic security protocols; and stockpile and exploit software flaws and vulnerabilities.  

Smart people in academia and elsewhere have been thinking and writing about these issues for years. But it’s time to take the next step and make clear, public rules that carry the force of law to ensure that the government weighs the tradeoffs and reaches the right decisions. This long post outlines some of the things that can be done. It frames the issue, then describes some of the key areas where EFF is already pursuing this agenda—in particular formalizing the rules for disclosing vulnerabilities and setting out narrow limits for the use of government malware. Finally it lays out where we think the debate should go from here.   

A federal judge in Idaho has upheld the constitutionality of the National Security Agency's program that gathers massive quanities of data on the telephone calls of Americans. The ruling Tuesday from U.S. District Court Judge B. Lynn Winmill leaves the federal government with two wins in lawsuits decided since the program was revealed about a year ago by ex-NSA contractor Edward Snowden. In addition, one judge handling a criminal case ruled that the surveillance did not violate the Constitution. Opponents of the program have only one win: U.S. District Court Judge Richard Leon's ruling in December that the program likely violates the Fourth Amendment. In the new decision, Winmill said binding precedent in the Ninth Circuit holds that call and email metadata are not protected by the Constitution and no warrant is needed to obtain it.

"The weight of the authority favors the NSA," wrote Winmill, an appointee of President Bill Clinton. Winmill took note of Leon's contrary decision and called it eloquent, but concluded it departs from current Supreme Court precedent — though perhaps not for long. "Judge Leon’s decision should serve as a template for a Supreme Court opinion. And it might yet," Winmill wrote as he threw out the lawsuit brought by an Idaho registered nurse who objected to the gathering of data on her phone calls. Winmill's opinion (posted here) does not address an argument put forward by some critics of the program, including some lawmakers: that the metadata program violates federal law because it does not fit squarely within the language of the statute used to authorize it.