Sen. Wyden: Border Searches of Digital Devices Should Require a Warrant

Sen. Wyden: Border Searches of Digital Devices Should Require a Warrant
By Sophia Cope

This week Sen. Wyden (D-OR) sent a letter to Department of Homeland Security (DHS) Secretary John Kelly stating that he will soon introduce legislation that would require law enforcement agencies to obtain a warrant before searching the data on digital devices at the border. We applaud Sen. Wyden for taking a stand on this important privacy issue.

Sen. Wyden said that he wants to “guarantee that the Fourth Amendment is respected at the border.”

We have been arguing for a while that the Fourth Amendment requires a warrant based on probable cause for border searches of cell phones, laptops and other mobile devices that contain gigabytes of highly personal information.

Sen. Wyden’s letter comes after several recent reports that Customs and Border Protection (CBP) agents have been conducting invasive searches of the digital devices of Americans and foreign travelers alike. For example, CBP agents demand that travelers unlock or decrypt their devices, or simply disclose their device passcodes. Additionally, CBP agents access not only public social media posts by demanding handles, but also private social media and other “cloud” content via smartphone apps. The AP recently reported that border agents accessed an American citizen’s eBay and Amazon accounts via his cell phone.

Sen. Wyden also wants to prohibit government agents from forcing travelers to disclose the login credentials to their social media and other online accounts. Secretary Kelly proposed requiring this from foreign visitors to the U.S. during a congressional hearing earlier this month.

Sen. Wyden argued that DHS/CBP policies and practices violate the privacy and civil liberties of travelers, “distract CBP from its core mission and needlessly divert agency resources away from those who truly threaten our nation,” and harm U.S. economic interests by discouraging international business travel.

Sen. Wyden also asked Secretary Kelly to respond to five excellent questions by March 20, 2017:

  1. What legal authority permits CBP to ask for or demand, as a condition of entry, that a U.S. person disclose their social media or email account password?
  2. How is CBP use of a traveler’s password to gain access to data stored in the cloud consistent with the Computer Fraud and Abuse Act?
  3. What legal authority permits CBP to ask for or demand, as a condition of entry, that a U.S. person turn over their device PIN or password to gain access to encrypted data? How are such demands consistent with the Fifth Amendment?
  4. How many times in each calendar year 2012-2016 did CBP personnel ask for or demand, as a condition of entry, that a U.S. person disclose a smartphone or computer passcode, or otherwise provide access to a locked smartphone or computer? How many times has this occurred since January 20, 2017?
  5. How many times in each calendar year [2012-2016] did CBP personnel ask for or demand, as a condition of entry, that a U.S. person disclose a social media or email account password, or otherwise provide CBP personnel access to data stored in an online account? How many times has this occurred since January 20, 2017?

While we believe that the Constitution requires the highest level of legal protection for digital data at the border and we urge courts to make this clear in case law, we support Sen. Wyden’s effort to enshrine a probable cause warrant requirement in legislation. The faster we reach this unequivocal rule the better.

We also look forward to Secretary Kelly’s responses to Sen. Wyden’s questions.

In the meantime, please tell us your border search stories. You can write to us at borders@eff.org. If you want to contact us securely via email, please use PGP/GPG. Or you can call us at +1-415-436-9333.

February 22, 2017 at 07:09AM
via Deeplinks http://ift.tt/2lmnP7g

History tells us the wars on privacy and sharing will get worse before it gets better

History tells us the wars on privacy and sharing will get worse before it gets better
By Rick Falkvinge

All governments of the world are cracking down on privacy and increasing mass surveillance, sometimes in the name of copyright enforcement, sometimes in the name of fighting terrorism, sometimes because they just want to. There’s a pattern here of similar things in the past – something is horrible, horrible, horrible, until the point where fighting the phenomenon just looks silly, counterproductive, and inhumane. Cannabis is there today, and it’s going to be years if not decades until it’s just as silly to fight people sharing knowledge and culture with each other, trying to brand them as awful people.

The striking pattern here is that people in power may regard an issue as completely peripheral, even downright uninteresting – like powerholders regard copyright – and still use the push from legacy industry interests as an excuse to get what they really want, like the copyright industry demanding mass surveillance.

Nixon declared war on cannabis… what year was it again? Oh nevermind exactly what year, it was as far back as when Nixon was president, which says a whole lot more than an exact year (it was 1968). His campaign advisor has since gone on record saying they knew all along they lied about the dangers of drugs, but that declaring war on them helped them shatter the communities that threatened Nixon’s re-election, specifically the hippies that opposed the Vietnam war.

“Did we know we [the Nixon administration] were lying about the drugs? Of course we did.” — John Erlichman

The pattern seems to be that social breakthroughs, getting rid of the old taboos, happen in a few areas first that test the waters, and when nothing bad happens, the floodgates open. Bloomberg did a good feature of it from a US perspective, analyzing US breakthroughs like women’s suffrage, marriage between people of different skin tones (which was once illegal!), and other similar issues.

“A few pioneer states get out front before the others, and then a key event—often a court decision or a grassroots campaign reaching maturity—triggers a rush of state activity that ultimately leads to a change in federal law.” — Bloomberg

When it comes to privacy in general, and sharing music, movies, culture, and knowledge between each other in particular, we can tell that we’re not at the “okay, this policy is just silly, everybody’s doing it and nobody cares” phase yet. Everybody’s sharing and nobody cares, except the copyright industry, and the powers that be are using every excuse of that industry to crack down and toughen existing laws. Even though everybody who knows something understands that the laws are not just ineffective, but counterproductive and silly, there’s no room for such thinking where the lobbyists of legacy industries roam unchallenged.

It took some 50 years to get to the “okay, this persecution is just silly” phase with cannabis. Let’s not make it fifty years with sharing and digital civil liberties.

Privacy remains your own responsibility.

The post History tells us the wars on privacy and sharing will get worse before it gets better appeared first on Privacy Online News.

February 20, 2017 at 04:32PM
via Privacy Online News http://ift.tt/2m4Pg3P

Understanding the different Maslow need levels for privacy

Understanding the different Maslow need levels for privacy
By Rick Falkvinge

When we aspire to have privacy, we may do so for a number of different reasons. All these reasons are valid, but some are more urgent than others, psychologically speaking. When debating privacy issues, it’s important to be aware of these psychological models and the very real consequences involved.

The psychologist Abraham Maslow created a theory known as the Maslow Hierarchy of Human Needs, which predicts the ranked order people will adhere to in seeking out certain things in their life. Where privacy is ranked on this list is a matter of which environment you operate in, and it’s crucial to recognize the differences.

Generally speaking, Maslow predicted that people won’t progress to addressing a higher level of needs until the current level is fully satisfied. The first level involves basic physiological needs – food, air, water, heat. Once these are satisfied, people start working on the second – safety from violence, safety in having food, air, and water for tomorrow as well; general freedom from worry. The third level is a sense of belonging to a group or tribe, the fourth is enjoying a sense of respect within that tribe, and the fifth and highest is self-development, once all other levels are satisfied.

The key thing to bear in mind here is that if you’re unsatisfied with safety (level two), for instance, then nothing of what you’re being served on levels three, four, and five really matters. If you don’t have your basic physical needs like food, water, or even oxygen met (level one), then no other needs are taken into account at that point. If you’re starving, you’re not going to be concerned with respect in your group.


Maslow’s Hierarchy of Human Needs. (Click to enlarge.)

Here’s the key realization that people want privacy for vastly different reasons. This is really common sense, but to have a model for it like this helps to make the concepts tangible.

Most of us who debate the merits of privacy do so for self-development reasons. We think it’s a better society where people have privacy, and for good reasons – very good reasons: all societies where privacy is or has been absent (North Korea, East Germany) have generally been… shall we call them low-satisfaction societies. But the key is that we’re still debating from an internal motivation of self-development (in this case, it makes no difference whether we’re seeking to develop ourselves or our society in general).

Those of us who talk at conferences about privacy and who write about it on blogs like this generally don’t talk about privacy because of physical safety concerns. Nor do we do so for a sense of belonging. You could argue that people who talk and write about privacy from the safety and comfort of an office or a café do so competing for respect in their group or tribe (level four), but that’s still a follow-on effect from the meritocracy development on level five.

Now, compare this who people who get mortar shells flying toward their location the second it is revealed. There are stories of reporters in rebel zones who have wanted to use a satellite phone to contact the outside world for whatever reason, and where the local commander led them to a deserted area, handed them a satphone and started the clock. After eight minutes of having the phone active, the commander would say “that’s enough”, terminate the call, turn off the phone and rapidly walk away from the location with the reporter. About four minutes after that, explosive ordnance would start raining down and killing anything within a football field area of the precise location of where the phone call was made. Somebody in this situation also wants privacy, but for completely different reasons: basic, actual, physical safety – what the model says is level two on the Maslow scale.

The important thing to realize here is that somebody arguing privacy from level five (self-development) will have their actions affected by not offending their previously-met needs on levels three and four (belonging, respect, and recognition). Somebody arguing privacy from level two (physical safety) will have no such concerns whatsoever. This level-five mechanism would manifest as a respect for contemporary taboos when arguing on conferences and columns, even when those taboos get in the way of actual developments in privacy.

(There are exceptions to the respect for taboos. I’ve frequently taken flak for disrespecting them – some of them. Maybe I’m respecting other ones subconsciously.)

There’s a conflict of interest here that’s based on how we’re psychologically wired at the physical level: somebody arguing for privacy from a level-five standpoint will not do so in a way that jeopardizes the needs met at lower levels.

There are also other noteworthy political reasons people will aspire and demand privacy. Most would do it from a human rights or civil liberties standpoint. However, if you’re looking at many governments in Asia, they could not care less about human rights as a Western concept – but they do want strong privacy, because it enables whistleblowing of corruption in their government. Thus, they want it from a level three standpoint – the ability to report corruption without repercussions from your peers, essentially.

There’s a saying here: politics is the art of making people agree with you, but for their own reasons.

Now, you could argue that you’re learning to use privacy properly as a hobby because you see a day where you might really need it, the way mass surveillance is developing and governments are cracking down on liberty. This would be a very valid argument. This would not be entirely unlike learning to quickly fight house fires as a form of self-development (level five), until the night you wake up from your smoke alarm and put your skills to use (level one). Or hoard some food as a form of self-development where people ridicule you as a tinfoil-hat doomsday prepper, until that day an ordinary snowstorm shuts down all food deliveries and you just go out to your bunker and causally grab some tasty freeze-dried chow, while others scramble for bread and rice where they can get it. Something that’s on level five today may be on a lower level tomorrow.

It’s with this insight that a lot of us are arguing for privacy, which remains your own responsibility.

The post Understanding the different Maslow need levels for privacy appeared first on Privacy Online News.

February 15, 2017 at 10:26AM
via Privacy Online News http://ift.tt/2kJfKXm

Trump’s Attorney General’s Record on Privacy

Trump’s Attorney General’s Record on Privacy
By Kate Tummarello

President Donald Trump’s nominee to lead the country’s law enforcement has cleared the Senate.

The Senate voted 52-47 on Wednesday to confirm Sen. Jeff Sessions, whose record on civil liberties issues—including digital rights—has drawn fire from Democratic lawmakers and public interest groups.

EFF has expressed concerns about Sessions’ record on surveillance, encryption, and freedom of the press. Those concerns intensified during his confirmation process.

Throughout his confirmation hearing in front of the Senate Judiciary Committee and his written responses to additional questions from lawmakers, Sessions made a number of troubling statements. He said he would support legislation to enable a privacy-invasive Rapid DNA system. He refused to definitively commit not to put journalists in jail for doing their job. He dodged questions about Justice Department policies on Stingrays, and wouldn’t refused to commit to publish guidelines on how federal law enforcement uses government hacking. He called it “critical” that law enforcement be able to “overcome” encryption.

His Senate record on surveillance is also disturbing. Sessions helped to derail reform to the Electronic Communications Privacy Act in the Senate. He also opposed the USA FREEDOM Act, a set of moderate reforms to the NSA’s mass collection of information about Americans’ domestic phone calls. In 2015, he went so far as to pen an alarmist op-ed against the bill, in which he claimed that the bulk phone records collection was “subject to extraordinary oversight” and warned the bill “would make it vastly more difficult for the NSA to stop a terrorist than it is to stop a tax cheat.”

During the hearing, USA FREEDOM sponsor Sen. Patrick Leahy pressed Sessions on whether he is committed to enforcing the surveillance reform law. Sessions responded that the prohibition on bulk collection “appears to be” the governing statute for U.S. government surveillance. His qualified answer raises concerns. And while he pledged to follow that law, he couldn’t confirm it prohibited bulk collection of domestic phone records in all cases. (It does.)

In a marathon, all-night debate in opposition to Sessions, Senate Democrats pointed to his track record on surveillance and privacy as a source of concern.

Montana Democrat Sen. Jon Tester pointed to Sessions’ repeated votes in favor of “the most intrusive aspects of the Patriot Act.” He asked, “Will he fight on behalf of government officials that listen into our phone calls or scroll through our emails or preserve our Snapchats?”

Washington Democrat Sen. Maria Cantwell said she is concerned by Sessions’ support for “President [George W.] Bush’s warrantless wiretapping and surveillance programs,” and his support for backdoor access to encrypted technologies. “I do have concerns that the president’s nominee…may not stand up to the President of the United States in making sure that the civil liberties of Americans are protected.”

Now that he has been confirmed, EFF and other civil liberties advocates will work to hold him accountable as Attorney General and block any attempts by him or anyone else to broaden the government surveillance powers that threaten our basic privacy rights.

February 9, 2017 at 06:21PM
via Deeplinks http://ift.tt/2kXSOXp

Healthy Domains Initiative Isn’t Healthy for the Internet

Healthy Domains Initiative Isn’t Healthy for the Internet
By Jeremy Malcolm and Mitch Stoltz

EFF had high hopes that the Domain Name Association’s Healthy Domains Initiative (HDI) wouldn’t be just another secretive industry deal between rightsholders and domain name intermediaries. Toward that end, we and other civil society organizations worked in good faith on many fronts to make sure HDI protected Internet users as well.

Those efforts seem to have failed. Yesterday, the Domain Name Association (DNA), a relatively new association of domain registries and registrars, suddenly launched a proposal for “Registry/Registrar Healthy Practices” on a surprised world, calling on domain name companies to dive headlong into a new role as private arbiters of online speech. This ill-conceived proposal is the very epitome of Shadow Regulation. There was no forewarning about the release of this proposal on the HDI mailing list; indeed, the last update posted there was on June 9, 2016, reporting “some good progress,” and promising that any HDI best practice document “will be shared broadly to this group for additional feedback.” That never happened, and neither were any updates posted to HDI’s blog.

While yesterday’s announcement claims that “civil society” was part of a “year-long process of consultation” leading to this document, it doesn’t say which groups participated, or how they were selected. In any purported effort to develop a set of community-based principles, a failure to proactively reach out to affected stakeholders, especially if they have already expressed interest, exposes the effort as a sham. “Inclusion” is one of the three key criteria that EFF developed in explaining how fair processes can lead to better outcomes, and this means making sure that all stakeholders who are affected by Internet policies have the opportunity to be heard. The onus here lies on the organization that aims to develop those policies, and in this the DNA has clearly failed.

Copyright Censorship Through Compulsory Private Arbitration

So, what did HDI propose in its Registry/Registrar Healthy Practices [PDF]? The Practices divide into four categories, quite different from one another: Addressing Online Security Abuse, Complaint Handling for “Rogue” Pharmacies, Enhancing Child Abuse Mitigation Systems, and Voluntary Third Party Handling of Copyright Infringement Cases. We will focus for now on the last of these, because it is the newest and most overreaching voluntary enforcement mechanism described in the Practices.

The HDI recommends the construction of “a voluntary framework for copyright infringement disputes, so copyright holders could use a more efficient and cost-effective system for clear cases of copyright abuse other than going to court.” This would involve forcing everyone who registers a domain name to consent to an alternative dispute resolution (ADR) process for any copyright claim that is made against their website. This process, labelled ADRP, would be modeled after the Uniform Dispute Resolution Policy (UDRP), an ADR process for disputes between domain name owners and trademark holders, in which the latter can claim that a domain name infringes its trademark rights and have the domain transferred to their control.

This is a terrible proposal, for a number of reasons. First and foremost, a domain name owner who contracts with a registrar is doing so only for the domain name of their website or Internet service. The content that happens to be posted within that website or service has nothing to do with the domain name registrar, and frankly, is none of its business. If a website is hosting unlawful content, then it is the website host, not the domain registrar, who needs to take responsibility for that, and only to the extent of fulfilling its obligations under the DMCA or its foreign equivalents.

Second, it seems too likely that any voluntary, private dispute resolution system paid for by the complaining parties will be captured by copyright holders and become a privatized version of the failed Internet censorship bills SOPA and PIPA. While the HDI gives lip service to the need to “ensure due process for respondents,” if the process by which the HDI Practices themselves were developed is any guide, we cannot trust that this would be the case. If any proof is needed of this, we only need to look at the ADRP’s predecessor and namesake, the UDRP, a systemically biased process that has been used to censor domains used for legitimate purposes such as criticism, and domains that are generic English words. Extending this broken process beyond domain names themselves to cover the contents of websites would make this censorship exponentially worse.

Donuts Are Not Healthy

Special interests who seek power to control others’ speech on the Internet often cloak their desires in the rhetoric of “multistakeholder” standards development. HDI’s use of terms like “process of consultation,” “best practices,” and “network of industry partners” fits this mold. But buzzwords don’t actually give legitimacy to a proposal, nor substitute for meaningful input from everyone it will affect.

The HDI proposal was written by a group of domain name companies. They include Donuts Inc., a registry operator that controls over 200 of the new top-level domains, like .email, .guru, and .movie. Donuts has taken many steps that serve the interests of major corporate trademark and copyright holders over those of other Internet users. These include a private agreement with the Motion Picture Association of America to suspend domain names on request based on accusations of copyright infringement, and a “Domain Protected Marks List Plus” that gives brand owners the power to stop others from using common words and phrases in domain names–a degree of control that they don’t get from either ICANN procedures or trademark law.

The “Healthy Practices” proposal continues that solicitude towards corporate rightsholders over other Internet users. This proposal begs the question: healthy for whom?

If past is prologue, we can expect to see heaps of praise for this proposal from the same special interests it was designed to serve, and from their allies in government who use Shadow Regulations like this one to avoid democratic accountability for unpopular, anti-user policies. But no talk of “self-regulation” nor “best practices” can transform an industry’s private wishlist into legitimate governance of the Internet, or an acceptable path for other Internet companies to follow.

February 10, 2017 at 02:08AM
via Deeplinks http://ift.tt/2ksn1e9

How the copyright industry works methodically to erode your civil liberties and human rights

How the copyright industry works methodically to erode your civil liberties and human rights
By Rick Falkvinge

In a previous column, I outlined how the copyright monopoly is fundamentally, irreparably incompatible with privacy at the conceptual level. While the copyright industry may appear behind the times — even outright dumb — it is a mistake to believe they’re unaware of this incompatibility. To the contrary, their persistent and consistent actions show they’re trying to erode privacy at every level and every turn in order to tip the balance toward preserving their distribution monopoly at the expense of civil liberties and human rights.

To talk of human rights and civil liberties are at risk when you’re doing something that’s technically illegal – such talk can easily come across as exaggerated and hyperbolic, even objectively false. In this case, there would be no shortage of people who dismissed people who share knowledge and culture — file-sharers and streamers – as mere criminals trying to excuse something illegal. It’s a little reminiscent of people who yell “that’s against the Constitution” at every corner when they see something they either don’t like or insist they have a right to do.

However, in the particular case of people sharing movies, music, and TV series, there’s an authority on the matter that is hard to dispute – the European Court of Human Rights, the foremost international human rights court that supersedes even the constitutions of 47 developed countries. This court has ruled super clear that interference with people’s right — yes, right — to share and partake of culture and knowledge freely is indeed a violation of human rights:

For the first time in a judgment on the merits, the European Court of Human Rights has clarified that a conviction based on copyright law for illegally reproducing or publicly communicating copyright protected material can be regarded as an interference with the right of freedom of expression and information under Article 10 of the European Convention. Such interference must be in accordance with the three conditions enshrined in the second paragraph of Article 10 of the Convention. This means that a conviction or any other judicial decision based on copyright law, restricting a person’s or an organisation’s freedom of expression, must be pertinently motivated as being necessary in a democratic society, apart from being prescribed by law and pursuing a legitimate aim. It is, in other words, no longer sufficient to justify a sanction or any other judicial order restricting one’s artistic or journalistic freedom of expression on the basis that a copyright law provision has been infringed. Neither is it sufficient to consider that the unauthorised use, reproduction or public communication of a work cannot rely on one of the narrowly interpreted exceptions in the copyright law itself, including the application of the so-called three-step test […]

Note how the Human Rights Court specifically states that undisputably breaking copyright law is insufficient for a conviction thereof – a prescribed law of code is just one of the three criteria that must be fulfilled to justify breaking the human rights charter. This, just by itself, is a legal bombshell. (It doesn’t stop people from getting convicted, but raises the bar a lot.)

This is consistent with my previous column where I describe how and why enforcement of the copyright monopoly online is utterly incompatible with privacy as we know it – for infringements take place in private communications that may both be used for super-protected communications like leaking evidence of abuse of governmental power to the press under protection-of-source laws, and for sharing music and movies, and if you’re going to make the latter discoverable, you’re also negating the legal protection of the former.

The copyright industry not just agrees with this analysis, but understands it deeply and has integrated it into their strategy.

To the copyright industry, the conflict between human rights and the exclusive distribution monopoly is crystal clear, and to them, nothing can get in the way of the exclusive distribution rights we know as copyright — nothing must be allowed to. Therefore, when it is recognized that the judiciary must prevent convictions based on the exclusive rights alone, and that privacy rights (as guaranteed by the law and government) get in the way of enforcement of the copyright monopoly, the copyright industry opted for a two-pronged approach:

First, the copyright industry strived to circumvent the judiciary altogether, aspiring for the right to go full Dredd and become judge, jury, and executioner.

It did so on multiple fronts. The most famous attempt would probably be the introduction of a Three Strikes scheme, where the copyright industry would be given the right to shut off a household’s internet access — that’s an entire household’s access — on the basis of three accusations of sharing in violation of the monopoly. (And as we all know, the copyright industry never makes mistakes.) The legal fight in the European Parliament was very telling, with one single word making all the difference: prior. The fight was over whether people subject to such exile from modernity should have access to prior legal due process — as in, the copyright industry wanted to shut people off first, and then, while shut off, only then could they seek legal redress. In effect, they wanted a right to circumvent the judiciary and shut hundreds of thousands of people off the net as a big-hammer collective punishment, scaring people into submission from the prospect of losing all contact with modern life.

Of course, such a scheme would require the copyright industry to have some jurisdiction over what Internet Service Providers could and could not do. We’ll be returning to that shortly.

France was first out with a three strikes scheme, creating a new authority – the Hadopi – which was tasked to shut down the Internet for misbehaving households (or households the copyright industry accused of misbehaving, anyway). The European Parliament saw through this attempt of the copyright industry’s, with the help of a lot of activists, and made the practice blatantly illegal in all of Europe. The relevant legislation even sported something called “the Hadopi test” – meaning that if the law code didn’t outright ban Hadopi, three strikes, and everything smelling remotely like it, the law wasn’t properly written yet. The European law passed a wording passing this test, and with that, three strikes was completely illegal in all of Europe – no state was at liberty to send people into exile from modern society by shutting off their household’s Internet access on mere accusations from an offended obsolete industry.

The end result was that the copyright industry couldn’t shut people off en masse as was planned, but had to resort to talking in “education efforts” in their PR material with regards to forcing Internet Service Providers to do their bidding. It was an enormous win for civil liberties in Europe and elsewhere.

However, the copyright industry has also tried suing ISPs directly to get a judicial order forcing them to censor the Internet on their behalf. While not technically circumventing the judiciary, it’s still avoiding dealing with the human rights issue as such on the prerequisite case-by-case basis. Perhaps most infamously, IFPI – the international record industry association founded in Mussolini’s Italy – sued Eircom, the largest Irish ISP, for the right to install “filtering” (censoring) equipment directly into their network. Yes, you read that right: a private industry demanded the right to silence any conversation it didn’t like, just because it felt (feels) entitled to do so.

Second, in order to erode and curtail privacy rights, the copyright industry sought a forced conscription of the Internet Service Providers to act as police on their behalf. In this way, the copyright industry would be able to introduce both proactive non-governmental censorship and mete out extrajudicial punishments, circumventing and curtailing the human rights “problem”.

In order to mete out these extrajudicial punishments – typically threats of a lawsuit, “pay up or else”, also known as copyright trolling, the more neutral speculative invoicing, the Hollywoodesque “an offer they can’t refuse”: in order to do this, the copyright industry obviously needed to know who’s operating behind an IP address. (This isn’t technically identifying user data, as ruled by courts, but the industry wasn’t deterred.)

In order to do this, it needed two separate legal mechanisms:

First, it needed the legal right to coerce an ISP to give out identifying information behind an IP address, something even the Police didn’t have the right to demand for mere everyday infringements of copyright.

Second, it needed a mandatory retention time for ISPs for such data, enabling retroactive surveillance or the everybody’s a suspect principle, so ISPs wouldn’t be able to protect the interests (and civil liberties) of their customers and delete the data immediately, thereby preventing the copyright industry from demanding it a week or so later.

The first mechanism was achieved by the IPRED federal law in Europe, which I described in a previous column, the law which was spearheaded in the European Parliament by the spouse of the CEO of Vivendi Universal, one of the big four record companies. This law is still in effect, and for a time, the copyright industry did indeed have more far-reaching powers to invade people’s privacy than even the Police. (The Police have rightfully argued that this is bad, but instead of reverting the private industry’s private policing rights, the governmental police instead argued they should have the same authority. They mostly do, today.)

The second mechanism, forcing ISPs to retain data so it could be demanded later, has been one of the most controversial things to happen to Europe (and elsewhere). The directive – the federal law – was passed in the European Parliament on December 14, 2004, and was called the Data Retention Directive. It basically required ISPs to store all identifying subscriber data for some period of time, at least six months, turning this privacy violation from “absolutely forbidden beyond direct billing needs” to “mandatory”. The European Supreme Court (the ECJ) struck it down as utterly unconstitutional in April of 2014, almost a decade later: the Court didn’t just nullify it onward, rather, the law was ruled so grotesque a violation of human rights it was retroactively ruled to never have existed.

It’s trivial to find massive copyright industry support for both of these mechanisms, not just in public consultations to law proposals, but pretty much at every trade show and political gathering at the time the laws were discussed.

In summary, the copyright industry understands full well that its distribution monopoly is incompatible with human rights, and is working consistently to remove those human rights in order to maintain enforcement of its commercial distribution monopoly at any cost.

Privacy remains your own responsibility.

The post How the copyright industry works methodically to erode your civil liberties and human rights appeared first on Privacy Online News.

February 9, 2017 at 04:29PM
via Privacy Online News http://ift.tt/2kT01Iu

Digital Rights Issues on the Horizon at the Supreme Court

Digital Rights Issues on the Horizon at the Supreme Court
By Kate Tummarello

The Supreme Court already has a list of digital civil liberties issues to consider in the near future, and that list is likely to grow.

If confirmed, President Donald Trump’s nominee to fill the late Justice Antonin Scalia’s seat on the Supreme Court—Judge Neil Gorsuch of the U.S. Court of Appeals for the Tenth Circuit—will be in a position to make crucial decisions affecting our basic rights to privacy, free expression, and innovation.

Privacy

The Supreme Court is being asked to consider a pair of cases dealing with law enforcement obtaining cell phone location records: the U.S. v. Graham ruling out of the Fourth Circuit Court of Appeals and the U.S. v. Carpenter out of the Sixth Circuit Court of Appeals. In both cases, the courts ruled that law enforcement did not need a warrant to obtain long-term, historical cell phone location data pinpointing a suspect’s location and movement.

EFF filed a brief asking the Supreme Court to consider the cases and arguing that previous rulings on the issue need to be reconsidered in light of how precise and revealing cell phone location data has become and as technology advances. “The dramatic increase in the number of cell phones and cell sites and the amount of detailed, sensitive location data they generate, combined with the quantity and extent of law enforcement demands for this data, show that it is time for this Court to address the Fourth Amendment privacy implications of [cell site location information],” we wrote.

Gorsuch’s rulings at the Tenth Circuit provide a possible glimpse of where he will come down on privacy issues. For instance, in a decision he wrote in U.S. v. Ackerman, Gorsuch found that Fourth Amendment protections apply in instances where a person or organization is searching emails on behalf of the government.

Free Speech

The Supreme Court is set to hear arguments on Packingham vs. North Carolina and consider the constitutionality of a North Carolina law that bans registered sex offenders from using online social media platforms that minors also access. In an amicus brief filed with the court, EFF and others argued that the state law violates the First Amendment.

Innovation and Fair Use

The Supreme Court has agreed to hear arguments in TC Heartland v. Kraft, a case centering on whether TC Heartland can have the infringement case against it considered in the company’s home state of Indiana instead of Delaware. EFF has supported TC Heartland, and a ruling in favor of reasonable venue limits could help tamp down on abusive patent lawsuits, which are often brought in the Eastern District of Texas despite any actual ties to that location because that court is perceived as being friendly to abusive suits.

The Supreme Court has also agreed to hear arguments in Impression Products v. Lexmark, a case about patent exhaustion, or whether a patent holder can put limits on how a customer can use, resell, tinker with, or analyze a patented product the customer has purchased. In a brief filed to the Supreme Court, we and others argued that allowing patent owners to control goods after sale threatens all sorts of activities—like security research, reverse engineering, and device modification.

The Court may also consider Lenz v. Universal, aka the dancing baby case, which centers around an individual whose fair use video was removed from YouTube because it had a Prince song playing in the background. In a brief filed for the petitioner, EFF argued that copyright holders should be held accountable if they force content to be taken down based on unreasonable charges of infringement. The Court has not yet decided whether to take the case but has asked for the Solicitor General’s views.

The Supreme Court has also been asked to consider whether the Patent Trial and Appeals Board should use the standard of common sense and knowledge of a skilled artisan to gauge the obviousness of a patent in the case Google v. Arendi. EFF has encouraged the court to take up the case, arguing that the court should bolster the country’s patent system by setting a stricter standard for obviousness.

February 6, 2017 at 10:03PM
via Deeplinks http://ift.tt/2kffT4x