coldtail.com
In the Wake of the Hacking Team Leak, EFF and Civil Society Groups in Latin America Call for Greater Safeguards on Surveillance Technologies
Written by Administrator   
Tuesday, 07 July 2015 05:37

The digital security community has been reacting this week to leaked documents from the Italian surveillance company Hacking Team. The materials, which include lists of contracts and sales proposals to some of the worst authoritarian regimes and to countries with weak democracies, show a global industry selling states software that can, almost without limit, invade and spy on personal computers and mobile devices.

Among the leaks was information revealing a troubling trade in this kind of technology in Latin America. EFF, Derechos Digitales, Fundación Karisma, R3D.mx and our colleagues in the region have issued a statement to the governments of Latin America, demanding greater transparency about how Latin American states are using, or misusing, spyware like that sold by Hacking Team. This is only the beginning of an extensive and necessary review of the use of these tools, not only in South America, but in every country that deploys intrusive surveillance technologies without oversight or public accountability.

Latin American Governments Buy Hacking Team Spyware

On Sunday, July 5, 400GB of information from the Italian company Hacking Team, which sells spying software to governments, was publicly exposed. The documents include invoices, emails, tax data and source code, among other files. The revelations make it possible to understand the global reach of Hacking Team, a company that Reporters Without Borders listed in 2013 as one of the “enemies of the Internet.”

The spying software sold by Hacking Team, also known as DaVinci or Galileo, is a program that infects the devices of the person attacked, making it possible to extract data, messages, calls and emails. The attacker also gains access to the microphone, camera and keyboard to record images, audio or any other activity without the knowledge of the person affected.

The leak showed that six Latin American countries are clients of Hacking Team: Chile, Colombia, Ecuador, Honduras, Mexico and Panama. Agencies such as the Investigations Police of Chile (PDI), the Secretariat of Intelligence of Ecuador (SENAIN), the Directorate of Police Intelligence of Colombia (DIPOL) and the Center for Investigation and National Security of Mexico (CISEN) have acquired licenses for remote control software (RCS) from the Italian company. In the case of Mexico, up to 14 individual contracts with the company were identified, held by the federal government and state governments, some of them without legal authority to intercept private communications.

Latin American civil society organizations reject the sale and acquisition of these surveillance programs, which, without adequate controls, put human rights in the region at risk, for the following reasons:

  1. The purchasing process was carried out with total opacity. We demand that the States involved make efforts to ensure the transparency of their intelligence activities, in particular regarding the purchase and actual use of technologies that enable computer surveillance, given the real possibility that this software is being used to spy on activists and dissidents without justified cause. In 2013, the firm Kaspersky already showed that DaVinci was used to spy on political activists in the Middle East.

  2. Given the low standards of legal control over the acquisition and use of surveillance technologies in the region, an open discussion is needed in national Congresses about the laws that govern and regulate surveillance activities, subject to public scrutiny. Given the technical possibility that these activities put human rights at risk, this legislation must reflect the highest standards and make the actions of intelligence agencies subject to prior authorization by an impartial and independent judicial body.

  3. Government surveillance must be governed by the principle of proportionality, exhausting all possible legal avenues before violating an individual's privacy. The least intrusive measures and the existence of strict control points must be advocated. Otherwise, not only is the right to privacy violated, but freedom of expression, the right to information, freedom of movement and of association, and the full exercise of human rights are also undermined.

The company Hacking Team and the governments involved are responsible for this spying in the international sphere. We demand that companies prioritize respect for human rights over service contracts with oppressive and abusive governments. We demand that States respect the human rights of their citizens, cease these illegal surveillance practices, and be transparent about the purpose of the software purchase, the public budget spent in each case, and the legal and procedural guarantees in place to prevent rights violations.

Signatories

  • ACI-Participa (Honduras)
  • Asociación por los Derechos Civiles - ADC (Argentina)
  • Artículo 19 (Mexico and Central America)
  • ContingenteMX (Mexico)
  • Derechos Digitales (Latin America and Chile)
  • EFF
  • Enjambre Digital (Mexico)
  • R3D - Red en Defensa de los Derechos Digitales (Mexico)
  • Fundación Karisma (Colombia)
  • RedPato2 (Colombia)
  • Fundación para la Libertad de Prensa - FLIP (Colombia)

 
In Light of Hacking Team Leaks, EFF and Latin American Civil Society Groups Call for Greater Oversight of Surveillance Technology
Written by Administrator   
Tuesday, 07 July 2015 03:53

The digital security community has been reacting this week to leaked documents from Italian surveillance company Hacking Team. The documents, which include lists of contracts and sales pitches to some of the worst authoritarian regimes and countries with weak democracies, show a global industry of sales to states of software that can invade and spy on personal computers and mobile devices almost without limit. Buried in that data was information that reveals a disturbing trade in such technology across Latin America. EFF, together with our colleagues in the region, has issued a statement to the governments of the region, demanding more transparency on how Latin American states are using -- or misusing -- spyware like that sold by Hacking Team. This is only the beginning of a long-needed review of the use of these tools, not just in South America, but everywhere that countries deploy intrusive surveillance technology without oversight or accountability.

Latin American Civil Society Rejects Hacking Team Spyware

On Sunday, July 5, over 400GB of information was publicly exposed from the Italian firm Hacking Team, a company dedicated to the commercialization of government spying software. The documents include invoices, emails, tax data and source code, among other files. The revelations allow us to understand the global reach of Hacking Team, a company that was listed in 2013 by Reporters Without Borders as one of the "enemies of the Internet."

The spying software sold by Hacking Team, also known as DaVinci or Galileo, includes software that infects the devices of the attacked person, allowing the harvesting of information, messages, calls, and emails. The attacker also gains access to their target's microphone, camera, and keyboard to record images, audio, or any other activity without the knowledge of the person concerned.

The leaks indicate that six countries in Latin America are clients of Hacking Team: Chile, Colombia, Ecuador, Honduras, Mexico, and Panama. Agencies like the Investigations Police of Chile (PDI), the Secretariat of Intelligence of Ecuador (SENAIN), the Directorate of Police Intelligence of Colombia (DIPOL), and the Center for Investigation and National Security of Mexico (CISEN) have all acquired licenses for remote control software (RCS) from the Italian company. In the case of Mexico, the leak identifies 14 individual contracts between the company and federal and state governments, many of which lack the legal authority to intercept private communications.

Latin American civil society groups reject the sale and purchase of these monitoring programs, which without adequate controls put human rights at risk in the region, for the following reasons:

  1. The buying process was conducted in complete secrecy. We demand that the States concerned make efforts to ensure the transparency of their intelligence activities, in particular the purchase as well as the effective usage of the surveillance technology, especially given the real possibility that this software is being used to spy on activists and dissidents without cause. (In 2013, the firm Kaspersky had already shown that DaVinci was used for spying on political activists in the Middle East.)

  2. Given the poor standards of existing legal controls on the acquisition and use of surveillance technologies in the region, we need an open and public debate in Congress about the laws that govern and regulate surveillance activities, subject to public scrutiny. These activities have the potential to violate human rights, and so our laws must reflect the highest standards and require intelligence agencies to obtain prior authorization from an impartial and independent judicial body.

  3. Government surveillance must abide by the principle of proportionality, exhausting all possible legal remedies before violating the privacy of an individual. It should pursue the least intrusive measures and have clear points of strict control. Otherwise, not only do we risk violations of the right to privacy, but we also undermine our right to freedom of expression, the right to information, freedom of movement and association, and the full exercise of all other human rights.

  4. The company Hacking Team and the governments involved are responsible for this spying in the international arena. We demand that companies respect human rights. There should be no contracts to provide services with oppressive and abusive governments. We demand that states respect the human rights of their citizens, cease such illegal surveillance practices, and be transparent about the use of purchased surveillance software, the cost to taxpayers in each case, and the legal and procedural guarantees that are used to prevent a massive intrusion on people’s rights.

Signatories

  • ACI-Participa (Honduras)
  • Artículo 19 (Mexico and Central America)
  • ContingenteMX (Mexico)
  • Derechos Digitales (Latin America and Chile)
  • EFF
  • Enjambre Digital (Mexico)
  • R3D - Red en Defensa de los Derechos Digitales (Mexico)
  • Fundación Karisma (Colombia)
  • RedPato2 (Colombia)
  • Fundación para la Libertad de Prensa - FLIP (Colombia)

 
EFF's 25th Anniversary Party Preview
Written by Administrator   
Tuesday, 07 July 2015 03:48

We're just days away from celebrating EFF's 25th anniversary in San Francisco on Thursday, July 16. We'll be starting with an afternoon minicon, and then having a rocking party in the evening. We hope you can join us!

The party kicks off at DNA Lounge at 8 pm. We're excited to have special guest co-emcees for the evening, Cory Doctorow and Wil Wheaton! Cory is a science fiction author, activist, journalist and blogger. He's the co-editor of Boing Boing and the author of many books, most recently: In Real Life, a graphic novel in collaboration with illustrator Jen Wang; Information Doesn't Want to be Free, an examination of earning a living in the Internet age; and Homeland, the award-winning, best-selling sequel to the 2008 young adult novel Little Brother. Wil is an actor, activist, writer, and all-around champion of geekdom. He is the creator, producer, and host of the popular web series Tabletop, which pits him against celebrity guests playing their favorite board games, and Titansgrave, a role-playing game serial show.

Our lineup of guest musicians—Midtown Social, Dual Core, and A Plus D—promises to make this party extra memorable. Midtown Social is a high-energy, 9-piece ensemble blending soul, funk, and rock, and we're excited to start our celebrating with their distinct style and spirit. We'll also enjoy a performance from hip hop duo Dual Core, pioneers of the nerdcore genre, fiendishly clever lyricists, and long-time EFF supporters. A Plus D, also known as DJs Adrian and Mysterious D, will close off the evening with masterful mash-ups. A Plus D are the creators, producers, and DJs of Bootie, the world's biggest bootleg mashup club night. As tireless torchbearers of the mashup artform, the colorful duo spin a bootlegged blend of pop, electro, indie, hip-hop, rock, '80s & '90s retro, and whatever else moves a dance floor. We know from experience—they know how to bring the party.

In addition to special toasts, live music, and dancing, we have a few other fun surprises for our guests. You can, at your discretion, commemorate the evening with an opt-in photo at our photobooth. We'll also have art by Sustainable Magic, who bring creativity into the world by inspiring, creating, and educating with interactive art. Keep your eyes peeled throughout the night for their work around DNA Lounge, including welded flowers with motion-activated petals that bloom to reveal rainbow LED light shows amid clusters of fiber optic stalks.

Minicon-only tickets are $25, and party-only tickets are $40. A ticket good for both events is available for $50, or $45 for current EFF members. Get your ticket today!

If you can’t make it and still want to help commemorate this milestone, please consider giving to the EFF25 membership drive, our campaign to add 2,500 new and renewing members before our anniversary celebration, ensuring digital rights have an advocate for years to come.

We're looking forward to celebrating with you!

Special thanks to Automattic for their sponsorship and support!


 
Europe Blocks Progress for Libraries and Educators at WIPO
Written by Administrator   
Tuesday, 07 July 2015 03:22

Last week negotiators from around the world came together as the World Intellectual Property Organization's (WIPO) standing committee on copyright (SCCR) resumed consideration of its two current work items: the on-again, off-again broadcasters' rights treaty, and the harmonization of minimum copyright limitations and exceptions for libraries, archives, and education.

EFF has opposed the former for close to a decade because it would give broadcasters new exclusive rights over any material that they broadcast, regardless of whether they own the copyright in that content, or whether it is copyrightable at all. We support the latter, because it would clarify the rights of librarians, archivists and educators to carry out their important missions in the digital age, and as such is a natural and overdue counterpart to the WIPO Internet Treaties which similarly updated the rights of copyright owners almost two decades ago.

On both counts, the week ended in a by-now familiar impasse, with no formal agreement being reached on either subject. But in the case of the broadcasting treaty, there was a sense of progress. Most member states now agree that new rights should be extended to traditional broadcasters to prohibit the unauthorized use of broadcast signals in the course of a transmission over any technological platform—including the Internet.

We are concerned at the forward momentum of this ill-considered proposal in the SCCR, which would grant new privileges to an industry that is doing perfectly well without them. This would come at the cost of users and innovators who would be cut off from exploring a range of transformative activities using broadcast media including public domain material.

Europe Doesn't Want an “Effective Solution”

The looming prospect of new broadcasters' rights is worrisome enough, but just as concerning is the unsympathetic reaction that libraries, archives and educators received over their pleas for an instrument that would secure their ability to function in the online environment—to give just one example, allowing libraries to lend digital copies of documents to institutions in other countries.

Much of the blame for this can be laid on the European Union. Their representatives have been absolutely uncompromising against any recognition of the challenges that libraries, archives, and educators face in a world where their traditional activities now typically involve acts of digital copying, yet where the limitations and exceptions to authorize this are patchy and inconsistent.

The meeting's chair had prepared a set of weak compromise recommendations that eventually most of the developed (“Group B”) states, as well as the Central European and Baltic States (“CEBS”) grudgingly accepted, which would have directed the Committee “to continue and expedite its work on the topic of limitations and exceptions for libraries and archives” and “for educational, teaching and research institutions and persons with other disabilities.”

For the regional groups from Latin America, Africa, and Asia, the compromise was too weak, and they pushed for stronger language that called for work towards an “international legal instrument in whatever form,” which in itself is short of a call for a treaty. In the end a further compromise between these positions and the chair's draft, “to focus work towards an effective solution to the issues that affect libraries and archives,” was inexplicably rejected by the European Union, and the meeting concluded with no recommendation whatsoever.

This leaves the future of the committee's work on limitations and exceptions in the hands of the next WIPO General Assembly, which is a larger meeting of WIPO states that covers all topics, not just copyright. Having said that, there is no assurance that anything will be agreed there either, since the last General Assembly ended in a stalemate too.

The Future of the SCCR?

With little progress being made on the issues currently before the committee, delegates have been searching for new work items that might produce quicker results. During this meeting, one such new item was proposed—a resale royalty right for visual artists, which would entitle them to a cut of the proceeds of the resale of their works. But since such a right contravenes the U.S. first sale doctrine, this hardly seems a likely candidate for swift passage through the SCCR either.

The new proposal is symptomatic of a false assumption of European policymakers, also evident in the broadcasting treaty proposal, as well as the link tax or “ancillary copyright” proposals: that the solution to the economic distress of creators or creative industries is to encumber their work with additional copyright-like rights. They could not be more wrong.

To the extent that markets are unable to support creators to the extent that society deems optimal, there are many other mechanisms, both public and private, available to support them, a few of which include grants, endowments, prize funds, and crowdfunding. Europe should be looking more closely at those, rather than doubling-down on exclusive rights that impede access to knowledge and culture.

But until Europe is prepared to engage in a constructive and balanced manner, it is difficult to see what kind of future the Standing Committee on Copyright has. The days when it was seen as WIPO's role to promote rightsholders' interests only are long gone; the Marrakesh Treaty for the blind and visually impaired is proof of that. The developing country regional blocs won't stand by and allow Europe a free pass on its pro-rights-holder measures without any quid pro quo for users. Neither will EFF.


 
FBI's Revival of Crypto Wars Part II Continues At Two Hearings in Congress
Written by Administrator   
Tuesday, 07 July 2015 02:32

The FBI wants to ensure everyday people can't use strong encryption. For over nine months FBI Director James Comey has been pushing the FBI's twenty-year-old talking points about why he wants to reduce the security in your devices, rather than help you increase it. Director Comey will appear at two hearings about cryptography on July 8: The first in front of the Senate Judiciary Committee, followed by another in front of the Senate Intelligence Committee.

Here's a summary of the many myths and misstatements you'll hear from Director Comey. If they sound familiar, it's because regulating and controlling consumer use of encryption was a proposal declared dead in 2001 after threatening Americans' privacy, free speech rights, and innovation for nearly a decade. Comey and others are trying desperately to bring this idea back to life, and just like last time, we need your help to make sure that doesn’t happen. 

Director Comey will probably say, "Backdoors or weakening encryption won't create security risks."

This simply isn’t true. But you don’t have to take our word for it—you can read what an all-star cast of computer scientists and security researchers has to say about this myth.[1]

What are some of the problems? First, it's hard to secure communications properly even between two parties. Cryptography with a back door adds a third party to the secure communications channel, requiring a more complex protocol, and as computer security expert Steven Bellovin puts it: "Many previous attempts to add such features have resulted in new, easily exploited security flaws rather than better law enforcement access." In the past, security researcher Susan Landau has pointed to actual security holes in Cisco wiretapping architecture designed to accommodate law-enforcement requirements. The same is true for Google, which had its "compliance" technologies hacked by China.

All of these are examples of how backdoors make it easier to break into communications networks. In the past Director Comey has said that smart people will be able to overcome these technical problems, but a who’s-who of computer security and encryption experts (including some of the same people who invented the encryption the Internet relies on today) disagrees.

The bottom line is that backdoors are a threat to computer security. Director Comey should already know this.

Director Comey will probably say, "Companies can create backdoors only for the 'good guys.'"

The FBI is trying to convince the world that some fantasy version of security is possible—where "good guys" could have a back door or extra key to your home but bad guys could never use it. Anyone with even a rudimentary understanding of security can tell you that's just not true. In a previous speech, Director Comey called for a "debate" on the topic. But the "debate" Comey calls for is phony, and we suspect he knows it. Instead, Comey wants everybody to have weak security, so that when the FBI decides somebody is a "bad guy," it has no problem collecting personal data.

Director Comey will probably say, "U.S. backdoors will help stop the 'bad guys.'"

Users who want strong encryption will be able to get it — from Germany, Finland, Israel, and many other places in the world where it's offered for sale or for free. In 1996, the National Research Council did a study called "Cryptography's Role in Securing the Information Society," nicknamed CRISIS. The study noted encryption products are available from multiple countries and US government publications, which comprise a wide source of material almost impossible to censor. Unless the government wants to mandate that you are forbidden from running anything that is not U.S. government approved on your devices, they can't stop bad guys from getting access to strong encryption.

Director Comey will probably say, "It is lawful and Constitutional."

The details of how a ban on strong cryptography or other backdoor mandate will be unconstitutional will vary, but there are serious problems with nearly every iteration of a "no real encryption allowed" proposal we've seen so far. Some likely problems:

  • The First Amendment would likely be violated by a ban on all fully encrypted speech.
  • The First Amendment would likely not allow a ban on software that allows untappable secrecy. Software is speech, after all, and this is one of the key ways we defeated this bad idea last time.
  • The Fourth Amendment would not allow requiring disclosure of a key to the backdoor into our houses so the government can intrude on our "papers" in advance of a showing of probable cause, and our digital communications must not be treated any differently.
  • The Fifth Amendment prohibits any required disclosure of one’s private papers (likely including cryptographic keys) and the forced utterance of incriminating testimony.
  • The Constitution protects, in one form or another, a right to privacy. Both the right to be left alone and informational privacy rights would be implicated by the scheme that Director Comey is suggesting.

Encryption Must Continue to Flourish

We're sure Director Comey will pitch some scary hypotheticals to the committee members and the public about why weak encryption must exist. But the FBI has been reading from that same script since 1995 under former FBI Director Louis Freeh. Director Comey is wasting time—his, ours, and Congress’—relitigating an issue that the FBI and federal government fought—and lost—in the 1990s called the Crypto Wars. Some reprises from the 1990s are worth it. But others—including the FBI's move to weaken our encryption—should remain forgotten.

You can watch the streams online at the Judiciary and Intelligence Committees' websites. You can also help make sure encryption continues to flourish by voicing your support. And don’t forget to check back after the hearings for any updates.

  1. Full disclosure: two of the authors of the MIT report (John Gilmore and Bruce Schneier) are members of EFF’s board. They co-wrote the report in their individual capacities, however, and not on behalf of EFF.

 
Powerful Coalition Letter Highlights Danger of ICANN’s New Domain Registration Proposal
Written by Administrator   
Tuesday, 07 July 2015 00:35

EFF has joined 45 organizations and 105 individuals to oppose a new domain registration proposal in front of the Internet Corporation for Assigned Names and Numbers (ICANN). From Academy Award-winning documentary film director Laura Poitras to the National Council of Women's Organizations to Chayn, an organization that works to combat domestic violence in Pakistan, the vast array of organizations and individuals signed on to this letter reflects just how misguided this proposal is. We hope ICANN will reject the flawed proposal, which comes from a smaller ICANN Working Group, especially in light of this unified opposition.

ICANN is the nonprofit corporation that oversees the global domain name system, and it sets the policies that govern domain name registrar companies. Every domain name has an entry in the public WHOIS database that anyone can view, and it includes, at the least, a name, mailing address, and phone number.

Domain registrants have long been able to use domain privacy services, sometimes called proxy registration. When using a privacy service, the service’s own contact information appears in the WHOIS database instead of the domain owner’s. The Working Group’s new proposal would require privacy services to turn over the domain registrant’s private contact information, or even list that information in the public database, based on a mere accusation of copyright or trademark infringement—no court order required.

Even worse, a few members of the Working Group would like ICANN to ban privacy services entirely for websites that are used for a “commercial purpose”—which is broadly defined, and includes “handling online financial transactions for commercial purpose.”

As the coalition letter points out, this proposal threatens a wide range of people who have good reason to want to keep their information private:

  • women indie game developers who sell products through their own online stores
  • freelance journalists and authors who market their work online
  • small business owners who run stores or businesses from their homes
  • activists who take donations to fund their work, especially those living under totalitarian regimes
  • people who share personal stories online to crowdfund medical procedures

Even without the ban on privacy for “commercial” websites, the proposal creates serious privacy problems for website owners. Accusations of copyright and trademark infringement are easy to make and easy to abuse, and the working group proposal doesn’t impose any consequences for false or abusive accusations.

The danger posed by having a home address made public is serious:

"Doxing" is the malicious practice of obtaining someone's personal information (e.g. home address, phone number, etc) and making that information more readily and widely available. Doxing makes possible a wide range of crowdsourced harassment and intimidation, which includes everything from unwanted pizza deliveries to unrelenting barrages of rape and death threats.

And as Katherine Cross, a sociologist specializing in research on online harassment and gender in virtual worlds, points out, “A WHOIS search is by no means the only way to dox someone, but we should be making it harder to acquire such information, not greasing the skids… Would-be doxers don’t need help from the internet’s custodians.”

She’s absolutely right. Doxing and other forms of harassment that involve the use of someone’s home address can be profoundly damaging to the free speech and privacy rights of the people targeted—and these types of harassment are frequently used to intimidate and silence the most marginalized groups. Privacy isn’t a philosophical question. For some, it's a matter of access to the Internet, especially for those who need it most. That’s often women, minorities, and people with unpopular political views.

That’s why we’re excited to have such a broad coalition signed on to this letter. Digital rights groups like Fight for the Future and EFF have signed on alongside a plethora of anti-domestic violence advocacy and women’s rights organizations from around the world. Celebrities like Chris Kluwe, Ashley Judd and Amanda Palmer have joined voices with Internet luminaries like Richard Stallman, President of the Free Software Foundation, and Harvard Professor Jonathan Zittrain. The signatories also include the Tor Project and Wickr, recognizing that real security and anonymity would be impossible for many should this proposal become policy.

Who does support this proposal? Certainly not everyone in ICANN, or even most of the Working Group. The Noncommercial Stakeholders Group, which is part of the Working Group, is fighting to keep strong privacy protections in the policy. And most of the Working Group opposes the idea of treating “commercial” domains differently. The Working Group’s report notes:

The WG agrees that the status of a registrant as a commercial organization, non-commercial organization, or individual should not be the driving factor in whether [privacy and proxy] services are available to the registrant. Fundamentally, P/P services should remain available to registrants irrespective of their status as commercial or non-commercial organizations or as individuals.

We agree. No special treatment of "commercial" domains is warranted. The Working Group should stay the course on rejecting that distinction.

In fact, as we’ve already pointed out, this proposal seems to be almost exclusively supported by the entertainment industry and major commercial brands, who say that they need to be able to discover the identities of website owners on request, without a court order, in order to enforce their trademarks and copyrights.

This isn’t necessary. Copyright and trademark infringement can be investigated using existing legal processes, like subpoenas, under a court’s supervision. While court oversight isn’t a perfect system in any country, it generally provides for notice to those whose privacy is threatened, a way for them to challenge a loss of privacy, and avenues of appeal. The working group proposal would give entertainment companies and commercial brands a cheaper and potentially faster way to get the identities of website owners, but those entities already have ample tools that are less prone to abuse.

You can read the whole letter and see the signatories here. ICANN hasn’t made any decision on this proposal yet, so it’s important that they hear from lots of different people and organizations who may be affected. That’s why we’re proud to join this coalition letter, and that’s why you should submit your own comments to ICANN today, the last day of the public comment period. You can make yourself heard by signing the petition at https://www.savedomainprivacy.org/. With your help, the proposal to create barriers to privacy, or even ban it altogether for some websites, won’t advance any further.

Ultimately, whether ICANN adopts this proposal comes down to a very simple question: what does ICANN care about more? The safety and security of vulnerable Internet users, or a little expediency for corporate trademark and copyright holders?


New Leaked TPP Chapter Shows Countries Converging on Anti-User Copyright Takedown Rules
Written by Administrator   
Monday, 06 July 2015 07:31

A draft of the Trans-Pacific Partnership's "Intellectual Property" chapter from May 11, 2015 has recently been leaked to journalists. This is the fourth leak of the chapter following earlier drafts of October 2014, August 2013, and February 2011. The latest leak is not available online and we don't have a copy of it—but we have been briefed on its contents.

In most respects the chapter follows previous drafts pretty closely; for example, the text on DRM circumvention and copyright term are both largely unchanged. But there is one area in which significant progress has been made since the last draft, and this is in the text on intermediary liability rules. Specifically, the new change involves the immunity that Internet companies enjoy from copyright liability, provided that they satisfy certain safe harbor conditions.

Under the United States' Digital Millennium Copyright Act (DMCA), these safe harbor conditions require Internet intermediaries to comply with a “notice-and-takedown” process. This has seen legitimate content taken off the Internet in response to bogus claims of infringement, as in the famous dancing baby case, as well as being misused for political censorship. Until now, one point of contention among the TPP partners has been whether countries that don't already have an equivalent to the DMCA's broken notice-and-takedown rules would be forced to adopt one.

Alternatives to Notice-and-Takedown

Several of the TPP countries already have systems that are significantly better than the DMCA. For example, Canada's groundbreaking notice-and-notice regime, which only commenced this year, notifies users of copyright claims without requiring any content to be taken offline automatically. Similarly, Chile has a 2010 notice and judicial-takedown regime that requires a judge to review any takedown before it takes effect. And Japan has something of a hybrid—a judicial order is not required, but takedown requests are verified by a trusted self-regulatory authority before the intermediary acts on them.

The latest leak suggests that the U.S. is now likely to accommodate at least some of these existing intermediary liability regimes, rather than forcing a carbon-copy of the failed DMCA on its TPP partners. The text does enforce a more generalized model of limitation of liability for intermediaries for third party content, and imposes a range of conditions before they qualify for that protection. But those conditions are now broad enough to accommodate a Japanese-style system in which a self-regulatory authority, formed by intermediaries and rightsholders with government involvement, is required to verify notices of claimed infringement before they are acted on.

Chile (supported by Vietnam) has inserted a footnote to this ISP liability text, indicating its proposal that a judicial authority should be required to verify notices of claimed infringement, rather than the self-regulatory authority that Japan proposes. The U.S. has not explicitly noted its objection to that proposal, though this may simply be because as a minority proposal not yet reflected in the main text, it hasn't yet advanced to the point where the U.S. feels it necessary to express its disagreement. Or perhaps negotiations are still ongoing on this question.

Whither Canada?

What about Canada? Interestingly, Canada's system is not accommodated within the main text, but in a separate annex. The annex would exempt a country (such as Canada, implicitly) from the requirement to have a notice-and-takedown system provided that it already has a system in place requiring intermediaries to pass on notices of alleged infringement to their users.

But in exchange for this “leniency”, such a country has several superadded copyright enforcement obligations that other countries do not: most notably, they must also impose secondary liability on intermediaries for services that are primarily used to enable copyright infringement, and must require search engines to remove cached copies of copyright-infringing items after the originals have been removed.

Neither of these is a good idea. Imposing liability on intermediaries for services that can be used to infringe copyright inevitably also ensnares general purpose technologies such as cloud storage services and Virtual Private Networks (VPNs). And as for the removal of infringing copies from search engines, the context in which copyright works are presented can raise a case of fair use (or fair dealing, Canada's equivalent). That is, it may be fair use for a search engine to provide a point-in-time archive of material that it has indexed, even if in its original context that material may have been infringing.

More fundamentally, we worry about this horse-trading of one strict copyright enforcement measure for another. Canada's notice-and-notice system is not a “second best” alternative to notice-and-takedown, and therefore there is no justification for the TPP to force Canadians to supplement it with additional enforcement measures that could have negative effects of their own.

A Few Notable Improvements

There are some other notable changes to the draft that are positive, and follow recommendations from the Manila Principles on Intermediary Liability. For example:

  • The text now requires parties to provide penalties for knowingly false takedown notices (but also for false counter-notices).
  • Content that has been removed in response to a takedown notice must be restored if a valid counter-notice is received.
  • A failure of an intermediary to satisfy safe harbor conditions should not automatically make them liable for the user's copyright infringement—it just means that they are no longer protected from being found liable in court.
  • The limitations on liability that intermediaries enjoy may not be made conditional on their proactively monitoring uploads to their networks.

But despite these few concessions, welcome as they are, the text as a whole is not geared towards dealing adequately with the human rights of users. Why should we expect otherwise? It is, after all, drafted by trade experts, at the direction of trade ministries, informed by corporate-stacked advisory groups who are not interested in freedom of expression and the open Internet, but in greasing the wheels of commerce. These few improvements in the intermediary liability text are just that—grease to allow these intermediary standards to slip past the defenses of the countries that have been resisting the imposition of U.S.-style rules until now.

Intermediary liability rules are much more than a trade issue. They are indeed an issue that deeply impacts human rights—since it is only when they are shielded from liability that intermediaries are appropriately incentivized to foster users' freedom of expression and freedom of association online. Such rules ought not to be crafted by small groups of trade negotiators behind closed doors.

This latest leak indicates that the negotiating countries are coming closer to consensus on common intermediary liability rules. Although that text may be looking better than in previous drafts, the TPP members' surrender of control over developing such rules to a closed, captured process is not good news. Taken together with the remaining threats from the IP chapter, such as enhanced protection for digital locks, trade secret rules that could be used against journalists and whistleblowers, criminal sanctions for even non-financially motivated but large scale infringement, and the extension of copyright term by 20 years, the case for us to fight the TPP has never been more compelling.


Open Data Bills Move Forward in California
Written by Administrator   
Monday, 06 July 2015 04:45

While California may be home to some of the most aggressively forward-thinking tech companies in the world, that enthusiasm for innovation hasn’t carried over to the public sector. State and local governments have been frustratingly slow to make public data available online. There hasn’t been anything close to a statewide standard, leaving individual agencies to voluntarily develop open data policies, often in an inconsistent and piecemeal fashion, or not at all.  

That would change if the California legislature passes two bills, S.B. 573 and S.B. 272, which would put state and local government bodies respectively on the path to open data.

The general philosophy behind open data is that datasets maintained by the government agencies are public records and should be, by default, machine-readable and downloadable from public websites. Open data allows for greater analysis and oversight by citizen watchdogs, researchers, and journalists, and creates many opportunities for civic-minded coders to create new tools for interacting with the government. 

While these bills aren’t quite as robust as transparency zealots like us would prefer, they do put California on the right track to greater transparency, accountability, civic engagement, and innovation by expanding public access to government data.

S.B. 573 – State-level Open Data

Sen. Richard Pan’s S.B. 573 would establish the position of Chief Data Officer for the state of California. This executive officer would be tasked with creating an open-data roadmap, open-data guidelines, an open-data working group, and a statewide open-data portal. 

Currently, the California Attorney General’s office has provided guidelines used statewide for compliance with the California Public Records Act.  However, the California Department of Justice isn’t particularly well suited for advocating open data, as evidenced by our recent battle over the office’s short-lived policy of only providing wiretap data in a “locked PDF” format.  Creating a new officer whose primary job is to research and promote open data will go a long way to address this issue.

Of course, the bill could be much better.  For example, the timeline described in the bill would require the state government to publish 150 datasets by June 1, 2017. That’s a pretty mediocre commitment, considering that data.ca.gov already links to more than 120 datasets. The state could move much faster.

We’ve also urged the legislature to strengthen the bill by including non-profit transparency groups in the open data working group. We would also like to see the Chief Data Officer tasked with ensuring that data is accurate and complete, in addition to being available to the public.

We’re also glad that the bill specifically mentions privacy, because open data can make it easier to identify individuals even after attempts to strip identifying information like name, gender, address, birth data, phone number, and Social Security number. In our letter supporting the bill, we asked that the Chief Data Officer and the open-data working group evaluate potential “reidentification” effects, which have been of particular concern for public health data.

S.B. 573 passed out of the Senate with a strong majority and will be heard on July 7 in the Assembly’s Privacy and Consumer Protection Committee.

S.B. 272 – Local Government Data Inventories

Sen. Robert Hertzberg’s S.B. 272 would require local government agencies to publish a list of all the information systems they maintain. These catalogs of data would include basic details for each database, including a description of the purpose for the system, how the data is collected and updated, and the vendor providing the software or hosting for the system. This last point is important for ensuring accountability in this age of outsourcing.

However, this bill does not require local agencies to actually publish the datasets themselves online, although the legislation does serve as a stepping stone to potential future expansion similar to S.B. 573 (in fact, local agencies would have access to the same tools developed by the Chief Data Officer). In the meantime, these inventories would serve as a menu of sorts from which the public can request data through a California Public Records Act request.

We’re not thrilled that the legislature has exempted school districts from the bill’s requirements. We see no reason that the public should not be able to learn basic information about how schools and their vendors collect and store information about students and teachers, especially as private “cloud” companies become more involved in schools.

S.B. 272 passed unopposed in the Senate and is set for a hearing on July 15 in the Assembly’s Committee on Local Government.
