EFF Files Second Round of Comments on New York’s BitLicense Proposal Print
Written by Administrator   
Friday, 27 March 2015 06:53

Today, EFF filed a second round of comments to the New York State Department of Financial Services (NYDFS) on its proposed regulatory rules for digital currencies like Bitcoin. EFF, the Internet Archive, and reddit filed initial joint comments to NYDFS back in October 2014, opposing the first draft of the “BitLicense” proposal. Thousands of concerned EFF members and friends also used our website to send in comments. In response to the deluge of public comments received on the initial regulations, the Department issued revised regulations on February 25, 2015. But while the second draft of the BitLicense proposal is better, it is still not great.

On a positive note, NYDFS did fix one of EFF’s greatest concerns with the original proposal. Namely, the first draft of the BitLicense proposal did not include an explicit carve out for those who merely develop or disseminate software. This threatened to place great recordkeeping burdens on software developers who create programs that enable people to store and transact with digital currencies, digital currency miners whose computing efforts are the source of digital currency, and even the Bitcoin Foundation and core members of the Bitcoin development team. The revised proposal explicitly fixes this through providing that “[t]he development and dissemination of software in and of itself does not constitute Virtual Currency Business.” This change is a step in the right direction for ensuring that the BitLicense regulations do not stifle innovation in the digital currency space.

But EFF still has other qualms with the proposal.

Most significantly, as we’ve said before, it’s too soon to regulate digital currency—an industry in its infancy. It’s premature to craft extensive regulations for an industry so new and still in flux. We think that New York should wait and see what the market does before rushing in to regulate. Implementing regulations now will only serve to stifle innovation.

In addition, the regulations—even as revised—do not sufficiently protect privacy, free expression, and innovation. Quite the opposite: the regulations affecting anonymity on the blockchain threaten user privacy, and the proposed BitLicense recordkeeping requirements are not only unduly burdensome, but they also create a massive consumer privacy risk as companies are forced to stockpile unnecessary mountains of data about digital currencies users. If NYDFS does move ahead with its plan to implement digital currency regulations, it needs to rethink these regulations and take care to build in safeguards to protect digital rights. As is, the proposed regulations undermine the unique civil liberties benefits digital currencies can offer.

The remaining problems with the proposed regulations may stem from the fact that NYDFS is moving far too quickly to enact digital currency regulations. This is evidenced by the fact that NYDFS provided only 30 days for public comment on its revised BitLicense proposal. This is simply not enough time for the public to comment on the unprecedented issue of digital currency regulation. NYDFS needs to slowdown its process and ensure that any regulatory framework is adopted with prudence—not haste.

We hope that NYDFS will again rethink its proposed regulations and allow more time for the public to weigh in on this important issue.

Read our full comments to NYDFS.

Related Issues: 

Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora  ||  Join EFF
France’s Censorship and Surveillance Initiatives Lack Judicial Review Print
Written by Administrator   
Friday, 27 March 2015 05:42

Following the terrorist attacks in Paris in January, including the murder of several journalists at the satirical newspaper Charlie Hebdo, we anticipated that the French government would overreact. Sure enough, recent reporting has revealed that France is censoring websites and pushing for broader surveillance powers.

According to the reporting, France has invoked a recently enacted law and censored five websites that the government deems incite or glorify terrorism, and the government plans to censor dozens more. Interior Minister Bernard Cazeneuve was quoted as saying, “I do not want to see sites that could lead people to take up arms on the Internet." He added, “I make a distinction between freedom of expression and the spread of messages that serve to glorify terrorism. These hate messages are a crime."

The reporting indicates that the government’s plan is to send blocking orders to Internet service providers (ISPs). However, when we tried to access one website mentioned,, we expected to reach the original content because we used a U.S.-based ISP not subject to France’s blocking order (French users are apparently redirected to a government page with a notice that the content on the site is being blocked because it incites or glorifies terrorism). Instead, at that address we reached a page advertising the web host’s services, indicating that the entire website has been taken down, not just blocked.

Any kind of censorship is problematic. Blocking Internet content at the ISP level, however, does not affect the existence of the content itself, just how the content can be accessed. Depending on how an ISP blocks content, blocked websites may be accessible using a different (non-complying) ISP; using a proxy technology like a virtual private network (VPN) or Tor; by typing in the website's IP address instead of its domain name; or by using an independent DNS server.

Taking down Internet content from its hosted location prevents the content from being accessed at all, which is especially disturbing if the takedown order was of questionable legality. We do not know if the content on was voluntarily taken down by the hosting company or if the takedown was in response to a government order.       

On the surveillance front, the French government is trying to make it easier to hack into citizens’ computers and mobile devices, and to conduct mass surveillance with the help of ISPs and telecommunications companies.

Both of France’s censorship and surveillance initiatives lack any judicial oversight. French judges apparently cannot authorize blocking, takedown, or surveillance orders, or review government requests to ensure that they are legal and otherwise appropriate.    

An independent judiciary is critical to a free society. The power of the legislative and executive branches of government must be checked by impartial judges in order to protect individual rights and ensure that the laws are followed. Article 8 of the Universal Declaration of Human Rights states, “Everyone has the right to an effective remedy by the competent national tribunals for acts violating the fundamental rights granted him by the constitution or by law.”

We urge the French government to consider how its censorship and surveillance efforts are impacting the free speech and privacy rights of French citizens, and we specifically call for judicial review to ensure that parliament or the executive ministries do not trample on those rights.

Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora  ||  Join EFF
UN Human Rights Council Appoints Special Rapporteur on the Right to Privacy Print
Written by Administrator   
Thursday, 26 March 2015 06:05

The Electronic Frontier Foundation is pleased with the United Nations Human Rights Council's (UNHRC) decision to adopt a resolution appointing a special rapporteur on the right to privacy.

This decision is a key step forward for the UNHRC; it elevates the right to privacy to the priority level that the Human Rights Council ascribes to most other human rights. Most importantly, it gives the right to privacy the international recognition and protection it deserves.

Special rapporteurs are independent experts appointed by the Human Rights Council who serve in a personal capacity and are mandated to report on human rights. They are not UN staff members and do not receive financial remuneration. The independent status of the mandate-holders is essential for the UN to impartially fulfill its functions.

This particular special rapporteur position will be appointed in June. They will play a crucial role in developing common understandings and furthering a considered and substantive interpretation of the right to privacy in a variety of settings. They will be responsible for carrying out systematic analyses, research, and monitoring the right to privacy across the world. The special rapporteur will also play a role in providing much-needed guidance to states and companies on its interpretation of the right to privacy. They will amass input from all relevant stakeholders to ensure a coherent and complementary approach to the interaction between privacy and other fundamental freedoms is developed. They will report to the UNHRC and the United Nations High Commissioner for Human Rights on alleged privacy violations, wherever they may occur, including challenges arising from new technologies. They will draw attention to situations of particular concern and submit an annual report to the UNHRC and the General Assembly.

The UNHRC’s resolution is indeed a positive step toward ensuring the global protection of the right to privacy, but it is only a first step, and it will not alone prevent countries from conducting mass surveillance practices. Now the onus rests on all of us to bring local unchecked surveillance cases to the attention of the new special rapporteur and ensure that the new rapporteur is knowledgeable on privacy and data protection, technology, and human rights.

Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora  ||  Join EFF
DMV Photo-Sharing, Facial Recognition Nixed from California Strategic Plan Print
Written by Administrator   
Thursday, 26 March 2015 02:55

More than 1,500 Californians over the last two weeks joined EFF in an email campaign to defeat a proposal by an obscure committee within the California Department of Justice that would have compromised the privacy and security of their driver-license photos.  As part of its strategic plan, the committee had approved a goal to share driver and mugshot photos with a national law enforcement network and allow police to leverage facial recognition technology against the image database.

The committee listened to your letters.

At its meeting on Wednesday, the CLETS Advisory Committee (CAC) voted unanimously to delete “Goal 8,” which encompassed both the image sharing and facial recognition, from its strategic plan. (CLETS, by the way, stands for the California Law Enforcement Telecommunications System, the statewide police information-sharing network.)

In a letter [PDF] to CAC and its Stranding Strategic Planning Subcommittee, EFF pointed out that the committee in previously approving the goal had disregarded warnings from the California Department of Motor Vehicles that photo-sharing and facial recognition were not authorized under state law. Despite those warnings, CLETS staff applied for a grant to build out the system and began arranging lobbying meetings with law enforcement associations as if the legal roadblocks were mere inconveniences to overcome.  

At yesterday’s meeting, we also learned that those meetings had been canceled after legal staff raised concerns that they couldn’t be held without running afoul of California’s open meetings laws.

It’s great news that facial recognition and photo sharing are no longer on the table, but we remained concerned about several other CAC strategic goals, including biometric collection for infractions and GPS tracking of offenders.  As we told the committee at its the meeting: 1,500 emails was only the beginning and we will continue to shine light on their plans.



Related Issues: 

Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora  ||  Join EFF
Locking In Public Access to Scientific Knowledge by Unlocking Scholarly Research Print
Written by Administrator   
Wednesday, 25 March 2015 07:29

Promising public access legislation FASTR (Fair Access to Science & Technology Research Act) has been re-introduced by a bipartisan coalition in Congress. Lawmakers now have an important opportunity to strengthen and expand rules that allow taxpayers to freely read articles resulting from research their tax dollars support. EFF continues to encourage legislators to pass this bill as an important step forward—though there are still some measures to improve.

Take action to support FASTR right now.

Shortly after FASTR was initially introduced in 2013, the White House released a directive requiring the results of research funded by major federal government entities to be made freely available to the public. In the two years since, eight agencies and departments have begun complying with that directive by releasing plans for putting research online.

Those steps have been successful and effective, and make a strong case for FASTR. The White House Directive is good, but codifying it through Congressional legislation would create a more stable rule, guaranteeing that the public's access is placed beyond the reach of any future presidential administration with different priorities.

Further, FASTR would strengthen the public access provisions in the Directive by reducing the embargo period—the length of time after research is published before it must be made freely available to the public—from 12 months down to six.

One major drawback of both the White House Directive and the FASTR legislation is the lack of an open licensing requirement. Public access is an important first step, but without open licensing, valuable secondary uses—like data mining, major cross-discipline analysis projects, and redistribution efforts—could be caught under a cloud of copyright uncertainty. In order to make the upgrade from “public access” to real “Open Access,” future rules should include a requirement for the products of research to be released under a free license, like the Creative Commons Attribution (CC BY) license EFF uses for its publications.

Tell your lawmakers to support FASTR today.

FASTR's reintroduction comes at an exciting time for the open access movement: the movement has now been building steam for over a decade, and has chalked up some major successes. Also last week, the Wikimedia Foundation released a thorough Open Access policy that sets a strong example for non-governmental organizations. Under that policy, the results of research that Wikimedia supports through grants or collaboration must be released under a free license.

Related Issues: 

Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora  ||  Join EFF
Tech Companies and Privacy Advocates to Congress: End Mass Spying Now Print
Written by Administrator   
Wednesday, 25 March 2015 00:52

A letter sent from major tech companies and civil society groups demanded Congress end the mass collection of calling records under Section 215 of the Patriot Act before an upcoming June 1 expiration date. The letter was signed by the Reform Government Surveillance coalition; which represents major tech companies like Google, Microsoft, and Yahoo; and, privacy groups like ACLU and EFF.

Specifically, the letter urges

a clear, strong, and effective end to bulk collection practices under the USA PATRIOT Act, including under the Section 215 records authority and the Section 214 authority regarding pen registers and trap & trace devices.  Any collection that does occur under those authorities should have appropriate safeguards in place to protect privacy and users’ rights.

Even though the Attorney General and Director of National Intelligence have said the USA Freedom Act retains operational capabilities, the commitment by companies to end bulk collection is an important step in a Republican-led Congress that has increasingly used national security threats to stave off Section 215 reform.

The letter sends Congress a clear message: any bill to reform Section 215 must end mass collection, provide transparency requirements, and avoid adding any data retention or technology mandates. In the past we've defined ending bulk collection as a simple ban on mass spying. Similarly, groups like the Center for Democracy and Technology have noted that ending bulk collection means prohibiting the large-scale government collection and retention of non-public records about persons who are not connected to national security threats. Other groups, like the Open Technology Institute, have included the use of "an exclusive list of 'unique' identifiers" as a way to successfully end mass collection under Section 215.

We agree. And we hope Congress gets the message that any bill to fix Section 215 must concretely end the mass collection of records.

Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora  ||  Join EFF
Indian Victory Bears Out the Need for the Manila Principles Print
Written by Administrator   
Tuesday, 24 March 2015 08:59

This week, on the edges of RightsCon Southeast Asia in Manila, Philippines, digital rights groups from around the world came together for two days of intensive work to finalize a new, ambitious standard to safeguard freedom of expression and innovation online. The approach the document takes to further these objectives is by focusing on the liability of Internet intermediaries—such as search engines, web hosts, social networks, domain hosts and ISPs—for online content of their users. Hence the document, officially launched today to applause from delegates of every continent, is named the Manila Principles on Intermediary Liability.

The six simple principles that the document advances, in summary form, are:

  1. Intermediaries should be shielded by law from liability for third-party content
  2. Content must not be required to be restricted without an order by a judicial authority
  3. Requests for restrictions of content must be clear, be unambiguous, and follow due process
  4. Laws and content restriction orders and practices must comply with the tests of necessity and proportionality
  5. Laws and content restriction policies and practices must respect due process
  6. Transparency and accountability must be built in to laws and content restriction policies and practices

By chance, on the very same day that the Manila Principles were released, a far-reaching court decision [PDF] was handed down that shows exactly why principles such as these as important. The decision, of the Supreme Court of India, struck down the notorious Section 66A of the Information Technology Act, which since 2009 had allowed both criminal charges against users and the removal of content by intermediaries based on vague allegations that the content was “grossly offensive or has menacing character”, or that false information was posted “for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will”. Not only is the potential overreach of this provision obvious on its face, but it was, in practice, misused to quell legitimate discussion online, including in the case of some of the plaintiffs in that case—two young women, one of whom made an innocuous Facebook post mildly critical of government officials, and the other who “Liked” it.

The court's judgment ruled that section 66A infringed the fundamental right of free speech and expression guaranteed by Article 19(1)(a) of the Constitution of India. Justice Nariman wrote:

Information that may be grossly offensive or which causes annoyance or inconvenience are undefined terms which take into the net a very large amount of protected and innocent speech. A person may discuss or even advocate by means of writing disseminated over the internet information that may be a view or point of view pertaining to governmental, literary, scientific or other matters which may be unpalatable to certain sections of society. … In point of fact, Section 66A is cast so widely that virtually any opinion on any subject would be covered by it, as any serious opinion dissenting with the mores of the day would be caught within its net. Such is the reach of the Section and if it is to withstand the test of constitutionality, the chilling effect on free speech would be total.

The relevance to the Manila Principles arises in that the intermediary liability provisions of Indian law were also under consideration in the case. Section 79 of the Act provided that an intermediary's immunity from liability could be suspended if it fails to take down content upon “receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit [an] unlawful act”. The court ruled—channelling principle 2 of the Manila Principles—that section 79 did not make intermediaries liable for such illegal content unless they failed to comply with a court order directing them to remove it. The court did not go further and strike down rules that allow for court-ordered blocking, as we think it should have done, but nonetheless this case is a victory against government overreach that attempts to use intermediaries as a chokepoint to restrict constitutionally protected communication online.

This landmark Supreme Court of India decision vindicates the approach we took in the Manila Principles, holding that there are no circumstances in which private parties should be able to force content offline simply by sending a notice to an Internet intermediary; because this opens the floodgates for the infringement of users' freedom of expression and other human rights online, as well as inhibiting intermediaries from offering innovative services that build on user-generated content. We'll be writing more about the Manila Principles on Intermediary Liability in future posts. Meanwhile, we encourage you to read the principles in full and to add your endorsement if you agree that intermediaries should not be made liable for their users' communications, in order to promote freedom of expression and online innovation.

Related Issues: 

Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora  ||  Join EFF
White House Confirms: If Section 215 Expires, So Does Bulk Phone Records Collection Print
Written by Administrator   
Tuesday, 24 March 2015 07:52

There’s some good news coming from the White House today that deserves repeating. Reuters is reporting that Ned Price, a spokesman from the President’s National Security Council, has unequivocally stated:

If Section 215 sunsets, we will not continue the bulk telephony metadata program.

Section 215 of the Patriot Act is the authority that the NSA, with the FBI’s help, has interpreted to allow the U.S. government to vacuum up the call records of millions of innocent people. It expires on June 1.

Some journalists and privacy advocates have speculated that, even if Section 215 were to expire in the absence of other legislation, bulk collection could continue under Section 102(b) of Public Law 109-177, which some have said would allow investigations that began before the expiration of Section 215 to continue. In November, Charlie Savage at the New York Times reported that the provision could mean that:

as long as there was an older counterterrorism investigation still open, the court could keep issuing Section 215 orders to phone companies indefinitely for that investigation.

We agree with ACLU deputy legal director Jameel Jafeer that “it would be ‘perverse’ to interpret the exception as permitting the government to ‘bootstrap itself into permanent Section 215 authority.’” But we do think that looking for loopholes in the language that governs surveillance makes perfect sense—after all, the government’s twisted interpretation of words related to surveillance is well-documented.

That’s why we’re pleased to see this announcement. If the importance of the June 1 expiration of Section 215 wasn’t already apparent, it’s clear now. With the clock ticking, Congress is running out of time to pass legislation that will reform bulk surveillance.

In fact, despite the Administration’s push for reform legislation, it looks increasingly likely that the next vote Congress will face on NSA spying is the June 1 sunset. That’s why contacting Congress about the vote is so important—lawmakers should understand that their vote is a statement about where they stand on the Constitution.

And, while the White House also claimed in its comments to Reuters that Section 215 is a “critical security tool,” the Administration’s own Presidential Review Group stated in a report [pdf]:

the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks[.]

Unless the Administration is playing the same kind of word games with “critical” and “essential” as it has with other words, it's pretty clear that if Section 215 isn’t even essential, it’s hardly critical. Other analyses of Section 215, both from the government and from outside researchers, have come to the same conclusion.

If you agree that it’s time to end mass surveillance, contact Congress and tell them what you expect to see: a no vote on reauthorization of Section 215 on June 1, along with some real comprehensive reform to NSA spying.

Related Issues: 

Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora  ||  Join EFF

Page 1 of 2