EFF - sfeed_tests - sfeed tests and RSS and Atom files
(HTM) git clone git://git.codemadness.org/sfeed_tests
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
EFF (511687B)
---
1 <?xml version="1.0" encoding="utf-8" ?><rss version="2.0" xml:base="https://www.eff.org/rss/updates.xml" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom">
2 <channel>
3 <title>Deeplinks</title>
4 <link>https://www.eff.org/rss/updates.xml</link>
5 <description>EFF's Deeplinks Blog: Noteworthy news from around the internet</description>
6 <language>en</language>
7 <atom:link href="https://www.eff.org/rss/updates.xml" rel="self" type="application/rss+xml" />
8 <item>
9 <title>Three Interactive Tools for Understanding Police Surveillance</title>
10 <link>https://www.eff.org/deeplinks/2020/09/three-interactive-tools-understanding-police-surveillance</link>
11 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><em>This post was written by Summer 2020 Intern <a href="https://twitter.com/jromox?lang=en">Jessica Romo</a>, a student at the Reynolds School of Journalism at University of Nevada, Reno. </em></p>
12 <p><span>As law enforcement and government surveillance technology continues to become more and more advanced, it has also become harder for everyday people to avoid. Law enforcement agencies all over the United States are using body-worn cameras, automated license plate readers, drones, and much more—all of which threat people's right to privacy. But it's often difficult for people to even become aware of what technology is being used where they live. </span></p>
13 <p><em></em><span>The Electronic Frontier Foundation has three interactive tools that help you learn about the new technologies being deployed around the United States and how they impact you: the Atlas of Surveillance, Spot the Surveillance, and Who Has Your Face?</span></p>
14 <h3><em></em>The Atlas of Surveillance<br /><a href="https://atlasofsurveillance.org">https://atlasofsurveillance.org</a> </h3>
15 <p><a href="https://atlasofsurveillance.org%20"><img src="/files/2020/09/17/atlas.png" width="1514" height="780" alt="A map with a lot of dots representing different kinds of surveillance." /></a></p>
16 <p><em></em><span>The Atlas of Surveillance is a database and map that will help you understand the magnitude of surveillance at the national level, as well as what kind of technology is used locally where you live. </span></p>
17 <p><span>Developed in partnership with the University of Nevada, Reno's Reynolds School of Journalism, the Atlas of Surveillance is a dataset with more than 5,500 points of information on technology surveillance used by law enforcement agencies across the United States. Journalism students and EFF volunteers gathered online research, such as news articles and government records, on 10 common surveillance technologies and two different types of surveillance command centers. </span></p>
18 <p>By clicking any point on the map, you will get the name of an agency and a description of the technology. If you toggle the interactive legend, you can see how each technology is spreading across the country. You can also search a simple-to-use text version of the database of all the research, including links to news articles or documents that confirm the existence of the technology in that region. </p>
19 <h3><b></b></h3>
20 <h3><b>Who Has Your Face?<br /></b><a href="https://whohasyourface.org/#"><b>https://whohasyourface.org/</b></a></h3>
21 <p><a href="https://whohasyourface.org/"><span><img src="/files/2020/09/17/whyf.png" width="1151" height="785" alt="The front page of the Who Has Your Face website" /></span></a></p>
22 <p><span>Half of all adults in the United States likely have their image in a law enforcement facial recognition database, according to a </span><a href="https://www.law.georgetown.edu/news/half-of-all-american-adults-are-in-a-police-face-recognition-database-new-report-finds/"><span>2016 report</span></a><span> from the Center on Privacy &amp; Technology at Georgetown Law. Today, that number is probably higher. But what about your face? </span></p>
23 <p><em></em><span>Face recognition is a form of biometric surveillance that uses software to automatically identify or track someone based on their physical characteristics. People are subjected to face recognition in hundreds of cities around the country. Government has a number of uses for the technology, from screening passengers at airports to identifying protesters caught on camera. </span></p>
24 <p><a href="https://whohasyourface.org/"><span>Who Has Your Face?</span></a><span> is a short quiz that allows a user to see which government agencies can access their official photographs (such as a driver's license or a mugshot) and whether investigators can apply face recognition technology to those photos.</span></p>
25 <p><span>The site doesn't collect personal information, but it does ask five basic questions, such as whether you have a driver's license and if so, what state issued it. Based on your choice, the system will automatically generate a list of agencies that could potentially access your images. </span></p>
26 <p><span>It also includes a </span><a href="https://whohasyourface.org/resources/"><span>resource page</span></a><span> listing what each state’s DMV and other agencies can access. </span></p>
27 <h3><b>Spot the Surveillance<br /></b><a href="https://eff.org/spot"><b>https://eff.org/spot</b></a></h3>
28 <p><a href="https://eff.org/spot"><img src="/files/2020/09/17/spot-the-surveillance_banner.png" width="1200" height="600" alt=" a visor looking at buildings with drones and other spy tech" /></a></p>
29 <p><span>If you drove past an automated license plate reader, would you know what it looks like? Ever look closely at the electronic devices carried by police officers? Most of the time, people might not even notice when they've walked into the frame of surveillance technology. </span></p>
30 <p><span>Spot the Surveillance is a virtual reality experience where you will learn how to identify surveillance technology that local law enforcement agencies use.</span></p>
31 <p><span>The experience takes place in a San Francisco neighborhood, where a resident is having an interaction with two police officers. You'll look in every direction to find seven technologies being deployed. After you find each technology, you’ll learn more about how it operates and how it’s used by police. Afterwards, you can try your new skills to identify these technologies in real life in your hometown. </span></p>
32 <p><span>Spot the Surveillance works with most VR headsets, but is also available to use on a regular web browser. There’s also a </span><a href="https://www.eff.org/es/pages/descubra-la-vigilancia-una-experiencia-de-realidad-virtual-para-no-perder-de-vista-al-gran"><span>Spanish version</span></a><span>.</span></p>
33 <h3><em><br /></em><b>Get To Know The Surveillance That’s Getting To Know You</b></h3>
34 <p><em></em><span>EFF has fought back against surveillance for decades, but we need your help. What other interactive tools would you like to see? Let us know on social media or by emailing </span><a href="mailto:info@eff.org"><span>info@eff.org</span></a><span>, so we can continue to help you protect your privacy. </span></p>
35
36 </div></div></div></description>
37 <pubDate>Thu, 17 Sep 2020 22:05:43 +0000</pubDate>
38 <guid isPermaLink="false">103746 at https://www.eff.org</guid>
39 <category domain="https://www.eff.org/issues/street-level-surveillance">Street-Level Surveillance</category>
40 <dc:creator>Dave Maass</dc:creator>
41 <enclosure url="https://www.eff.org/files/banner_library/sls-social_1_0.png" alt="" type="image/png" length="32568" />
42 </item>
43 <item>
44 <title>Plaintiffs Continue Effort to Overturn FOSTA, One of the Broadest Internet Censorship Laws</title>
45 <link>https://www.eff.org/deeplinks/2020/09/plaintiffs-continue-effort-overturn-fosta-one-broadest-internet-censorship-laws</link>
46 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><em>Special thanks to legal intern Ross Ufberg, who was lead author of this post.</em></p>
47 <p>A group of organizations and individuals are continuing their fight to overturn the Allow States and Victims to Fight Online Sex Trafficking Act, known as FOSTA, arguing that the law violates the Constitution in multiple respects.</p>
48 <p>In <a href="https://www.eff.org/document/woodhull-v-united-states-plaintiffs-motion-summary-judgment">legal</a> <a href="https://www.eff.org/document/woodhull-v-united-states-plaintiffs-brief-support-summary-judgment">briefs</a> <a href="https://www.eff.org/document/woodhull-v-united-states-plaintiffs-statement-undisputed-material-facts">filed</a> in federal court recently, plaintiffs Woodhull Freedom Foundation, Human Rights Watch, the Internet Archive, Alex Andrews, and Eric Koszyk argued that the law violates the First and Fifth Amendments, and the Constitution’s prohibition against ex post facto laws. EFF, together with Daphne Keller at the Stanford Cyber Law Center, as well as lawyers from Davis Wright Tremaine and Walters Law Group, represent the plaintiffs.</p>
49 <h3>How FOSTA Censored the Internet</h3>
50 <p>FOSTA led to <a href="https://survivorsagainstsesta.org/documentation/">widespread Internet censorship</a>, as <a href="https://www.eff.org/document/woodhull-v-united-states-declaration-jessica-p-ashooh-reddit">websites</a> and other online services either prohibited users from speaking or shut down entirely. FOSTA accomplished this comprehensive censorship by making three major changes in law:</p>
51 <p><strong>First</strong>, FOSTA creates a new federal crime for any website owner to “promote” or “facilitate” prostitution, without defining what those words mean. Organizations doing educational, health, and safety-related work, such as The Woodhull Foundation, and one of the leaders of the Sex Workers Outreach Project USA (SWOP USA), fear that prosecutors may interpret advocacy on behalf of sex workers as the “promotion” of prostitution. Prosecutors may view creation of an app that makes it safer for sex workers out in the field the same way. Now, these organizations and individuals—the plaintiffs in the lawsuit—are reluctant to exercise their First Amendment rights for fear of being prosecuted or sued.</p>
52 <p><strong>Second, </strong>FOSTA expands potential liability for federal sex trafficking offenses by adding vague definitions and expanding the pool of enforcers. In addition to federal prosecution, website operators and nonprofits now must fear prosecution from thousands of state and local prosecutors, as well as private parties. The cost of litigation is so high that many nonprofits will simply cease exercising their free speech, rather than risk a lawsuit where costs can run into the millions, even if they win.</p>
53 <p><strong>Third</strong>, FOSTA limits the federal immunity provided to online intermediaries that host third-party speech under 47 U.S.C. § 230 (“Section 230”). This immunity has allowed for the proliferation of online services that host user-generated content, such as Craigslist, Reddit, YouTube, and Facebook. Section 230 helps ensure that the Internet supports diverse and divergent viewpoints, voices, and robust debate, without every website owner needing to worry about being sued for their users’ speech. The removal of Section 230 protections resulted in intermediaries shutting <a href="https://www.craigslist.org/about/FOSTA">down entire sections</a> or discussion boards for fear of being subject to criminal prosecution or civil suits under FOSTA.</p>
54 <h3>How FOSTA Impacted the Plaintiffs</h3>
55 <p>In their filings asking a federal district court in Washington, D.C. to rule that FOSTA is unconstitutional, the plaintiffs describe how FOSTA has impacted them and a broad swath of other Internet users. Some of those impacts have been small and subtle, while others have been devastating.</p>
56 <p><a href="https://www.eff.org/document/woodhull-v-united-states-declaration-eric-koszyk">Eric Koszyk</a> is a licensed massage therapist who heavily relied on Craigslist’s advertising platform to find new clients and schedule appointments. Since April 2018, it’s been hard for Koszyk to supplement his families’ income with his massage business. After Congress passed FOSTA, Craigslist shut down the Therapeutic Services of its website, where Koszyk had been most successful at advertising his services. Craigslist further prohibited him from posting his ads anywhere else on its site, despite the fact that his massage business is entirely legal. In a post <a href="https://www.craigslist.org/about/FOSTA">about FOSTA</a>, Craigslist said that they shut down portions of their site because the new law created too much risk. In the two years since Craigslist removed its Therapeutic Services section, Koszyk still hasn’t found a way to reach the same customer base through other outlets. His income is less than half of what it was before FOSTA.</p>
57 <p><a href="https://www.eff.org/document/woodhull-v-united-states-declaration-alex-andrews">Alex Andrews</a>, a national leader in fighting for sex worker rights and safety, has had her activism curtailed by FOSTA. As a board member of SWOP USA, Andrews helped lead its efforts to develop a mobile app and website that would have allowed sex workers to report violence and harassment. The app would have included a database of reported clients that workers could query before engaging with a potential client, and would notify others nearby when a sex worker reported being in trouble. When Congress passed FOSTA, Alex and SWOP USA abandoned their plans to build this app. SWOP USA, a nonprofit, simply couldn’t risk facing prosecution under the new law.</p>
58 <p>FOSTA has also impacted a website that Andrews helped to create. The website <a href="https://www.ratethatrescue.org/wp/">Rate That Rescue</a> is “a sex worker-led, public, free, community effort to help everyone share information” about organizations which aim to help sex workers leave their field or otherwise assist them. The website hosts ratings and reviews. But without the protections of Section 230, in Andrews’ words, the website “would not be able to function” because of the “incredible liability for the content of users’ speech.” It’s also likely that Rate That Rescue’s creators face criminal liability under FOSTA’s new criminal provisions because the website aims to make sex workers’ lives and work safer and easier. This could be considered to violate FOSTA’s provisions that make it a crime to promote or facilitate prostitution.</p>
59 <p> <a href="https://www.eff.org/document/woodhull-v-united-states-declaration-ricci-levy">Woodhull Freedom Foundation</a> advocates for sexual freedom as a human right, which includes supporting the health, safety, and protection of sex workers. Each year, Woodhull organizes a Sexual Freedom Summit in Washington, DC, with the purpose of bringing together educators, therapists, legal and medical professionals, and advocacy leaders to strategize on ways to protect sexual freedom and health. There are workshops devoted to issues affecting sex workers, including harm reduction, disability, age, health, and personal safety. This year, COVID-19 has made an in person meeting impossible, so Woodhull is livestreaming some of the events. Woodhull has had to censor their ads on Facebook, and modify their programming on YouTube, just to get past those companies’ heightened moderation policies in the wake of FOSTA.</p>
60 <p><a href="https://www.eff.org/document/woodhull-v-united-states-declaration-brewster-kahle">The Internet Archive</a>, a nonprofit library that seeks to preserve digital materials, faces increased risk because FOSTA has dramatically increased the possibility that a prosecutor or private citizen might sue it simply for archiving newly illegal web pages. Such a lawsuit would be a real threat for the Archive, which is the Internet’s largest digital library.</p>
61 <p>FOSTA puts <a href="https://www.eff.org/document/woodhull-v-united-states-declaration-dinah-pokempner">Human Rights Watch</a> in danger, as well. Because the organization advocates for the decriminalization of sex work, they could easily face prosecution for “promoting” prostitution.</p>
62 <h3>Where the Legal Fight Against FOSTA Stands Now</h3>
63 <p>With the case now back in district court after the D.C. Circuit Court of Appeals <a href="https://www.eff.org/press/releases/victory-lawsuit-challenging-fosta-reinstated-court">reversed the lower court’s decision to dismiss the suit</a>, both sides have filed motions for summary judgment. In their filings, the plaintiffs make several arguments for why FOSTA is unconstitutional.</p>
64 <p>First, they argue that FOSTA is vague and overbroad. The Supreme Court has said that if a law “fails to give ordinary people fair notice of the conduct it prohibits,” it is unconstitutional. That is especially true when the vagueness of the law raises special First Amendment concerns.</p>
65 <p>FOSTA does just that. The law makes it illegal to “facilitate” or “promote” prostitution without defining what that means. This has led to, and will continue to lead to, the censorship of speech that is protected by the First Amendment. Organizations like Woodhull, and individuals like Andrews, are already curbing their own speech. They fear their advocacy on behalf of sex workers may constitute “promotion” or “facilitation” of prostitution.</p>
66 <p>The government argues that the likelihood of anyone misconstruing these words is remote. But some courts interpret “facilitate” to simply mean make something easier. By this logic, anything that plaintiffs like Andrews or Woodhull do to make sex work safer, or make sex workers’ lives easier, could be considered illegal under FOSTA.</p>
67 <p>Second, the plaintiffs argue that FOSTA’s Section 230 carveouts violate the First Amendment. A provision of FOSTA eliminates some Section 230 immunity for intermediaries on the Web, which means anybody who hosts a blog where third parties can comment, or any company like Craigslist or Reddit, can be held liable for what <em>other </em>people say.</p>
68 <p>As the plaintiffs show, all the removal of Section 230 immunity really does is squelch free speech. Without the assurance that a host won’t be sued for what a commentator or poster says, those hosts simply won’t allow others to express their opinions. As discussed above, this is precisely what happened once FOSTA passed.</p>
69 <p>Third, the plaintiffs argued that FOSTA is not narrowly tailored to the government’s interest in stopping sex trafficking. Government lawyers say that Congress passed FOSTA because it was concerned about sex trafficking. The intent was to roll back Section 230 in order to make it easier for victims of trafficking to sue certain websites, such as Backpage.com. The plaintiffs agree with Congress that there is a strong public interest in stopping sex trafficking. But FOSTA doesn’t accomplish those goals—and instead, it sweeps up a host of speech and advocacy protected by the First Amendment.</p>
70 <p>There’s no evidence the law has reduced sex trafficking. The effect of FOSTA is that traffickers who once posted to legitimate online platforms will go even deeper underground—and law enforcement <a href="https://reason.com/2019/12/05/ro-khanna-hopes-this-bill-will-pave-the-way-to-repealing-fosta/">will have to look harder</a> to find them and combat their illegal activity.</p>
71 <p>Finally, FOSTA violates the Constitution’s prohibition on criminalizing past conduct that was not previously illegal. It’s what is known as an “ex post facto” law. FOSTA creates new retroactive liability for conduct that occurred before Congress passed the law. During the debate over the bill, the U.S. Department of Justice even admitted this problem to Congress—but the DOJ later promised to “pursu[e] only newly prosecutable criminal conduct that takes place after the bill is enacted.” The government, in essence, is saying to the courts, “We promise to do what we say the law means, not what the law clearly says.” But the Department of Justice cannot control the actions of thousands of local and state prosecutors—much less private citizens who sue under FOSTA based on conduct that occurred long before it became law.</p>
72 <p>* * *</p>
73 <p>FOSTA sets out to tackle the genuine problem of sex trafficking. Unfortunately, the way the law is written achieves the opposite effect: it makes it harder for law enforcement to actually locate victims, and it punishes organizations and individuals doing important work. In the process, it does irreparable harm to the freedom of speech guaranteed by the First Amendment. FOSTA silences diverse viewpoints, makes the Internet less open, and makes critics and advocates more circumspect. The Internet should remain a place where robust debate occurs, without the fear of lawsuits or jail time.</p>
74
75 </div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/cases/woodhull-freedom-foundation-et-al-v-united-states">Woodhull Freedom Foundation et al. v. United States</a></div></div></div></description>
76 <pubDate>Thu, 17 Sep 2020 19:34:20 +0000</pubDate>
77 <guid isPermaLink="false">103743 at https://www.eff.org</guid>
78 <category domain="https://www.eff.org/issues/free-speech">Free Speech</category>
79 <category domain="https://www.eff.org/issues/cda230">Section 230 of the Communications Decency Act</category>
80 <dc:creator>Aaron Mackey</dc:creator>
81 <enclosure url="https://www.eff.org/files/banner_library/stop-sesta-og-2_0.jpg" alt="" type="image/jpeg" length="89161" />
82 </item>
83 <item>
84 <title>EFF Joins Coalition Urging Senators to Reject the EARN IT Act</title>
85 <link>https://www.eff.org/deeplinks/2020/09/eff-joins-coalition-urging-senators-reject-earn-it-act</link>
86 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Recently, EFF joined the Center for Democracy and Technology (CDT) and 26 other organizations to send a <a href="https://cdt.org/wp-content/uploads/2020/09/Civil-Society-Coalition-Letter-EARN-IT-Act-9.15.20.pdf">letter</a> to the Senate opposing the EARN IT Act (S. 3398), asking that the Senate oppose fast tracking the bill, and to vote NO on passage of the bill.</p>
87 <p>As we have <a href="https://www.eff.org/deeplinks/2020/07/new-earn-it-bill-still-threatens-encryption-and-free-speech">written</a> <a href="https://www.eff.org/deeplinks/2020/03/earn-it-act-violates-constitution">many</a> <a href="https://www.eff.org/deeplinks/2020/03/earn-it-bill-governments-not-so-secret-plan-scan-every-message-online">times</a> before, if passed, the EARN IT Act would threaten free expression, harm innovation, and jeopardize important security protocols. We were pleased to join with other organizations that share our concerns about this harmful bill.</p>
88 <p>We sent our letter, but your Senators need to hear from you. Contact your Senators and tell them to oppose the EARN IT Act.</p>
89
90 <p class="take-action"><a href="https://act.eff.org/action/stop-the-earn-it-bill-before-it-breaks-encryption">TAKE ACTION</a></p>
91 <p class="take-explainer"><a href="https://act.eff.org/action/stop-the-earn-it-bill-before-it-breaks-encryption">STOP THE EARN IT BILL BEFORE IT BREAKS ENCRYPTION</a></p>
92
93 </div></div></div></description>
94 <pubDate>Wed, 16 Sep 2020 22:59:32 +0000</pubDate>
95 <guid isPermaLink="false">103729 at https://www.eff.org</guid>
96 <category domain="https://www.eff.org/issues/cda230">Section 230 of the Communications Decency Act</category>
97 <dc:creator>India McKinney</dc:creator>
98 <enclosure url="https://www.eff.org/files/banner_library/eagle-2b.jpg" alt="The Graham-Blumenthal bill is anti-speech, anti-security, and anti-innovation." type="image/jpeg" length="223568" />
99 </item>
100 <item>
101 <title>What the *, Nintendo? This in-game censorship is * terrible.</title>
102 <link>https://www.eff.org/deeplinks/2020/09/what-nintendo-game-censorship-terrible</link>
103 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>While many are staying at home and escaping into virtual worlds, it's natural to discuss what's going on in the physical world. But Nintendo is shutting down those conversations with its latest </span><a href="https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/~/nintendo-switch-system-updates-and-change-history"><span>Switch system update</span></a><span> (Sep. 14, 2020) by </span><a href="https://www.polygon.com/2020/9/15/21437856/nintendo-switch-update-banned-words-list-coronavirus-stability%22"><span>adding new terms</span></a><span> like COVID, coronavirus and ACAB to its censorship list for usernames, in-game messages, and search terms for in-game custom designs (but not the designs themselves).</span></p>
104
105 <p><img src="/files/2020/09/16/acnhcensor.jpeg" alt="A screenshot in-game of a postcard sent from a friend in Animal Crossing. The message says &quot;testing censorship of&quot; , followed by three asterisks in place of the expected words." width="1280" height="720" /></p>
106 <p><span>While we understand the urge to prevent abuse and misinformation about COVID-19, censoring certain strings of characters is a blunderbuss approach unlikely to substantially improve the conversation. As an initial matter, it is easily circumvented: while our testing, shown above, confirmed that Nintendo censored coronavirus, COVID and ACAB, but does not restrict substitutes like c0vid or a.c.a.b., nor corona and virus, when written individually.</span></p>
107 <p><span>More importantly, </span><a href="https://www.eff.org/deeplinks/2019/05/censorship-cant-be-only-answer-disinformation-online"><span>it’s a bad idea</span></a><span>, because these terms can be part of important conversations about politics or public health. Video games are not just for gaming and escapism, but are part of the fabric of our lives as a </span><a href="https://www.reuters.com/article/us-global-videogames-rights-trfn/video-games-seen-becoming-a-new-frontier-in-digital-rights-idUSKCN24W00L"><span>platform for political speech</span></a><span> and expression. As the world went into pandemic lockdown, Hong Kong democracy activists </span><a href="https://www.wired.co.uk/article/animal-crossing-hong-kong-protests-coronavirus"><span>took to Nintendo’s hit Animal Crossing</span></a><span> to keep their pro-democracy protest going online (and Animal Crossing was </span><a href="https://www.bbc.com/news/technology-52269671"><span>banned in China</span></a><span> shortly after). Just as many Black Lives Matter protests took to the streets, other protesters </span><a href="https://www.theguardian.com/games/2020/aug/07/black-lives-matter-meets-animal-crossing-how-protesters-take-their-activism-into-video-games"><span>voiced their support</span></a><span> in-game. Earlier this month, the Biden campaign introduced </span><a href="https://twitter.com/verge/status/1300803125520072708"><span>Animal Crossing yard signs</span></a><span> which other players can download and place in front of their in-game home. EFF is part of this too—you can show your </span><a href="https://supporters.eff.org/donate/AnimalCrossing"><span>support for EFF</span></a><span> with in-game hoodies and hats. </span></p>
108
109 <p><img src="/files/2020/09/16/internetfreedomfighter.jpg" alt="A screenshot in-game showing Chow, an Animal Crossing panda villager, asking whether the player is an “Internet freedom fighter.” The player has highlighted “Yup.”" width="1280" height="720" /></p>
110 <p><span>Nevertheless, Nintendo seems uncomfortable with political speech on its platform. The Japanese <a href="https://accounts.nintendo.com/term/eula/JP">Terms of Use</a> </span><a href="https://kotaku.com/japanese-politician-suspends-animal-crossing-campaign-1844975021/amp"><span>prohibit</span></a><span> in-game “political advocacy” (政治的な主張 or <em>seijitekina shuchou</em>), which led to a candidate for Japan’s Prime Minister canceling an in-game campaign event. But it has not expanded this blanket ban to the Terms for </span><a href="https://www.nintendo.com/terms-of-use/"><span>Nintendo of America</span></a><span> or </span><a href="https://ms.nintendo-europe.com/terms/wiiu/"><span>Nintendo of Europe</span></a><span>.</span></p>
111 <p><span>Nintendo has the right to host the platform </span><a href="https://www.eff.org/deeplinks/2020/03/ninth-circuit-private-social-media-platforms-are-not-bound-first-amendment"><span>as it sees fit</span></a><span>. But </span><a href="https://www.eff.org/deeplinks/2018/04/platform-censorship-wont-fix-internet"><span>just because they can do this, doesn’t mean they should</span></a><span>. Nintendo needs to also recognize that it has provided a platform for political and social expression, and allow people to use words that are part of important conversations about our world, whether about the pandemic, protests against police violence, or democracy in Hong Kong.</span></p>
112
113 </div></div></div></description>
114 <pubDate>Wed, 16 Sep 2020 22:10:15 +0000</pubDate>
115 <guid isPermaLink="false">103728 at https://www.eff.org</guid>
116 <category domain="https://www.eff.org/issues/video-games">Video Games</category>
117 <category domain="https://www.eff.org/issues/free-speech">Free Speech</category>
118 <category domain="https://www.eff.org/issues/content-blocking">Content Blocking</category>
119 <dc:creator>Kurt Opsahl</dc:creator>
120 <enclosure url="https://www.eff.org/files/banner_library/dc28_tech_trivia.jpeg.jpg" alt="EFF characters playing Tech Trivia" type="image/jpeg" length="381459" />
121 </item>
122 <item>
123 <title>Trump’s Ban on TikTok Violates First Amendment by Eliminating Unique Platform for Political Speech, Activism of Millions of Users, EFF Tells Court</title>
124 <link>https://www.eff.org/deeplinks/2020/09/trumps-ban-tiktok-violates-first-amendment-eliminating-unique-platform-political</link>
125 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>We filed a friend-of-the-court <a href="https://www.eff.org/document/eff-amici-brief-ryan-v-trump">brief</a>—primarily written by the <a href="https://law.asu.edu/first-amendment-clinic">First Amendment Clinic</a> at the Sandra Day O’Connor College of Law—in support of a TikTok employee who is challenging President Donald Trump’s ban on TikTok and was seeking a temporary restraining order (TRO). The employee contends that Trump's executive order infringes the Fifth Amendment rights of TikTok's U.S.-based employees. Our brief, which is joined by two prominent TikTok users, urges the court to consider the First Amendment rights of millions of TikTok users when it evaluates the plaintiff’s claims.<br /><br /><span>Notwithstanding its simple premise, TikTok has grown to have an important influence in American political <a href="https://docs.google.com/document/u/0/">discourse</a> and <a href="https://www.nytimes.com/2020/06/21/style/tiktok-trump-rally-tulsa.html">organizing</a>. Unlike other platforms, users on TikTok do not need to “follow” other users to see what they post. TikTok thus uniquely allows its users to reach wide and diverse audiences. That’s why the two TikTok users who joined our brief use the platform. <a href="https://www.tiktok.com/@lillithashworth">Lillith Ashworth</a>, whose critiques of Democratic presidential candidates <a href="https://www.cnet.com/news/why-trump-supporters-are-showing-up-in-your-tiktok-feed/">went viral</a> last year, uses TikTok to talk about U.S. politics and geopolitics. The other user, Jynx, maintains an 18+ adult-only account, where they post content that centers on radical leftist liberation, feminism, and decolonial politics, as well as the labor rights of exotic dancers.<br /><br />Our brief argues that in evaluating the plaintiff’s claims, the court must consider the ban’s First Amendment implications. The Supreme Court has <a href="https://supreme.justia.com/cases/federal/us/357/449/">established</a> that rights set forth in the Bill of Rights work together; as a result the plaintiff's Fifth Amendment claims are enhanced by the First Amendment considerations. We say in our <a href="https://www.eff.org/document/eff-amici-brief-ryan-v-trump">brief</a>:</span><span></span></p>
126 <blockquote><p><span></span><em>A ban on TikTok violates fundamental First Amendment principles by eliminating a specific type of speaking, the unique expression of a TikTok user communicating with others through that platform, without sufficient considerations for the users’ speech. Even though the order facially targets the platform, its censorial effects are felt most directly by the users, and thus their First Amendment rights must be considered in analyzing its legality.</em></p>
127 </blockquote>
128 <p><em></em>EFF, the First Amendment Clinic, and the individual amici urge the court to adopt a higher standard of scrutiny when reviewing the plaintiff’s claims against the president. Not only are the plaintiff’s Fifth Amendment liberties at stake, but millions of TikTok users have First Amendment freedoms at stake. The Fifth Amendment and the First Amendment are each critical in securing life, liberty, and due process of law. When these amendments are examined separately, they each deserve careful analysis; but when the interests protected by these amendments come together, a court should apply an even higher standard of scrutiny.<br /><br />The hearing on the TRO scheduled for tomorrow was canceled after the government promised the court that it did not intend to include the payment of wages and salaries within the executive order's definition of prohibited transactions, thus addressing the plaintiff's most urgent claims.</p>
129 <p><span> </span></p>
130 <p> </p>
131 <p> </p>
132 <p><span> </span></p>
133
134 </div></div></div></description>
135 <pubDate>Mon, 14 Sep 2020 23:57:31 +0000</pubDate>
136 <guid isPermaLink="false">103723 at https://www.eff.org</guid>
137 <category domain="https://www.eff.org/issues/free-speech">Free Speech</category>
138 <category domain="https://www.eff.org/issues/social-networks">Social Networks</category>
139 <dc:creator>Nathaniel Sobel</dc:creator>
140 </item>
141 <item>
142 <title>Things to Know Before Your Neighborhood Installs an Automated License Plate Reader</title>
143 <link>https://www.eff.org/deeplinks/2020/09/flock-license-plate-reader-homeowners-association-safe-problems</link>
144 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Every week EFF receives emails from members of homeowner’s associations wondering if their Homeowner’s Association (HOA) or Neighborhood Association is making a smart choice by installing automated license plate readers (ALPRs). Local groups often turn to license plate readers thinking that they will protect their community from crime. But the truth is, these cameras—which record every license plate coming in and out of the neighborhood—may create more problems than they solve. </span></p>
145 <h4><b>The False Promise of ALPRs</b></h4>
146 <p><span>Some members of a community think that, whether they’ve experienced crime in their neighborhood or not, a neighborhood needs increased surveillance in order to be safe. This is part of a larger nationwide trend that shows that </span><a href="https://www.pewresearch.org/fact-tank/2016/11/16/voters-perceptions-of-crime-continue-to-conflict-with-reality/"><span>people’s fear of crime</span></a><span> is incredibly high and getting higher, despite the fact that crime rates in the United States are low by historical standards. </span></p>
147 <p><span>People imagine that if a crime is committed, an association member can hand over to police the license plate numbers of everyone that drove past a camera around the time the crime is believed to have been committed. But this will lead to innocent people becoming suspects because they happened to drive through a specific neighborhood. For some communities, this might mean hundreds of cars end up under suspicion. </span></p>
148 <p><span>Also, despite what ALPR vendors like </span><a href="https://www.flocksafety.com/product/flock-safety-faqs"><span>Flock Safety</span></a><span> and Vigilant Solutions claim, there is </span><a href="https://www.wired.com/story/flock-safety-license-plate-readers-crime/"><span>no real evidence</span></a><span> that ALPRs reduce crime. ALPR vendors, like </span><a href="https://www.eff.org/deeplinks/2020/02/what-know-you-buy-or-install-your-amazon-ring-camera"><span>other surveillance salespeople</span></a><span>, operate on the assumption that surveillance will reduce crime by either making would-be criminals aware of the surveillance in hopes it will be a deterrent, or by using the technology to secure convictions of people that have allegedly committed crimes in the neighborhood. However, there is </span><a href="https://www.mtas.tennessee.edu/knowledgebase/there-empirical-evidence-surveillance-cameras-reduce-crime"><span>little empirical evidence</span></a><span> that such surveillance reduces crime. </span></p>
149 <p class="pull-quote">Like all machines, ALPRs make mistakes</p>
150 <p><b>ALPRs do, however, present a host of other potential problems for people who live, work, or commute in a surveilled area. </b></p>
151 <h4><b>The Danger ALPRs Present To Your Neighborhood</b></h4>
152 <p><span>ALPRs are billed as neighborhood watch tools that allow a community to record which cars enter and leave, and when. They essentially turn any neighborhood into a gated community by casting suspicion on everyone who comes and goes. And some of these ALPR systems (including </span><a href="https://www.flocksafety.com/product/flock-safety-faqs"><span>Flock</span></a><span>’s) can be programmed to allow all neighbors to have access to the records of vehicle comings and goings. But driving through a neighborhood should not lead to suspicion. There are thousands of reasons why a person might be passing through a community, but ALPRs allow anyone in the neighborhood to decide who belongs and who doesn’t. Whatever motivates that individual - racial biases, frustration with another neighbor, even disagreements among family members - could all be used in conjunction with ALPR records to implicate someone in a crime, or in any variety of other legal-but-uncomfortable situations. </span></p>
153 <p><span>The fact that your car passes a certain stop sign at a particular time of day may not seem like invasive information. But you can actually tell a lot of personal information about a person by learning their daily routines—and when they deviate from those routines. If a person’s car stops leaving in the morning, a nosy neighbor at the neighborhood association could infer that they may have lost their job. If a married couple’s cars are never at the house at the same time, neighbors could infer relationship discord. These ALPR cameras also give law enforcement the ability to learn the comings and goings of every car, effectively making it impossible for drivers to protect their privacy. </span></p>
154 <p><span>These dangers are only made worse by the broad dissemination of this sensitive information. It goes not just to neighbors, but also to Flock employees, and even your local police. It might also go to hundreds of other police departments around the country through Flock’s new and aptly-named </span><a href="https://www.flocksafety.com/talon"><span>TALON</span></a><span> program, which links ALPRs around the country. </span></p>
155 <h4><b>ALPR Devices Lack Oversight</b></h4>
156 <p><span>HOAs and Neighborhood Associations are rarely equipped or trained to make responsible decisions when it comes to invasive surveillance technology. After all, these people are not bound by the oversight that sometimes accompanies government use of technology--they’re your neighbors. While police are subject to legally-binding privacy rules (like the Fourth Amendment), HOA members are not. Neighbors could, for instance, use ALPRs to see when a neighbor comes home from work every day. They could see if a house has a regular visitor and what time that person arrives and leaves. In San Antonio, one HOA member was asked what they could do to prevent someone with access to the technology from obsessively following the movements of specific neighbors. He had </span><a href="https://www.expressnews.com/news/local/article/San-Antonio-neighborhoods-look-to-license-plate-14183206.php"><span>never considered</span></a><span> that possibility: "Asked whether board members had established rules to keep track of who searches for what and how often, Cronenberger said it hadn’t dawned on her that someone might use the system to track her neighbors’ movements.” </span></p>
157 <h4><b>Machine Error Endangers Black Lives</b></h4>
158 <p>Like all machines, ALPRs make mistakes. And these mistakes can endanger people’s lives and physical safety. For example, an ALPR might erroneously conclude that a passing car’s license plate matches the plate of a car on a hotlist of stolen cars. This can lead police to stop the car and detain the motorists. As we know, these encounters can turn violent or even deadly, especially if those cars misidentified are being driven by Black motorists. </p>
159 <p><span>This isn’t a hypothetical scenario. Just last month, a false alert from an ALPR led police to </span><a href="https://gizmodo.com/cops-terrorize-black-family-but-blame-license-plate-rea-1844602731"><span>stop a Black family</span></a><span>, point guns at them, and force them to lie on their bellies in a parking lot—including their children, aged six and eight. Tragically, this is not the first time that police have </span><a href="https://www.eff.org/deeplinks/2014/05/new-ninth-circuit-opinion-calls-question-blind-reliance-license-plate-camera-ids"><span>aimed a gun at a Black motorist</span></a><span> because of a false ALPR hit.</span></p>
160 <h4><b>Automated License Plate Reader Abuses by Police Foreshadow Abuses by Neighborhoods</b><span> </span></h4>
161 <p><span>Though police have used these tools for decades, communities have only recently had the ability to install their own ALPR systems. In that time, EFF and many others have criticized both ALPR vendors and law enforcement for their egregious abuses of the data collected. </span></p>
162 <p class="pull-quote"><span><span>Police abuse this technology regularly. And unfortunately, neighborhood users will likely do the same. </span></span></p>
163 <p><span>A </span><a href="https://www.auditor.ca.gov/pdfs/reports/2019-118.pdf"><span>February 2020 California State Auditor’s report</span></a><span> on four jurisdictions’ use of this tech raised several significant concerns. The data collected is primarily not related to individuals suspected of crimes. Many agencies did not implement privacy-protective oversight measures, despite laws requiring it. Several agencies did not have documented usage or retention policies. Many agencies lack guarantees that the stored data is appropriately secure. Several agencies did not adequately confirm that entities they shared data with had a right to receive that information. And many did not have appropriate safeguards for users accessing the data. </span></p>
164 <p><span>California agencies aren’t unique: a </span><a href="https://auditor.vermont.gov/sites/auditor/files/documents/ALPR%20Final.pdf"><span>state audit in Vermont</span></a><span> found that 11% of ALPR searches violated state restrictions on when cops can and can't look at the data. Simply put: police abuse this technology regularly. And unfortunately, neighborhood users will likely do the same. </span></p>
165 <p><span>In fact, the growing ease with which this data can be shared </span><a href="https://www.vigilantsolutions.com/vigilant_solutions_enables_217000_law_enforcement_data_sharing_relationships/"><span>is only increasing</span></a><span>. Vigilant Solutions, a popular vendor for police ALPR tech, shares this data between </span><a href="https://www.vigilantsolutions.com/vigilant_solutions_enables_217000_law_enforcement_data_sharing_relationships/"><span>thousands of departments</span><span> via its LEARN database</span></a><span>. Flock, a vendor that aims to offer this technology to neighborhoods, has </span><a href="https://www.msn.com/en-us/news/technology/license-plate-tracking-for-police-set-to-go-nationwide/ar-BB187gbb"><span>just announced</span></a><span> a new nationwide partnership that allows communities to share footage and data with law enforcement anywhere in the country, vastly expanding its reach. While Flock does include several safeguards that Vigilant Solutions does not, such as encrypted video and 30-day deletion policies, many potential abuses remain.</span></p>
166 <p><span>Additionally, some ALPR systems can automatically flag cars that don’t look a certain way—from rusted vehicles to cars with </span><a href="https://slate.com/technology/2019/07/automatic-license-plate-readers-hoa-police-openalpr.html"><span>dents or poor paint jobs</span></a><span>—endangering anyone who might not feel the need (or have the income required) to keep their car in perfect shape. These “</span><a href="https://www.flocksafety.com/stop-crime"><span>vehicle fingerprints</span></a><span>” might flag, not just a particular license plate, but “</span><a href="https://slate.com/technology/2019/07/automatic-license-plate-readers-hoa-police-openalpr.html"><span>a blue Honda CRV with damage on the passenger side door</span></a><span> and a GA license plate from Fulton County.” Rather than monitoring specific vehicles that come in and out of a neighborhood via their license plate, “vehicle fingerprint” features could create a trouble drag-net style of monitoring. Just because a person is driving a damaged car from an accident, or a long winter has left a person’s car rusty, does not mean they are worthy of suspicion or undue police or community harassment. </span></p>
167 <p><span>Some ALPRs are even designed to search for certain bumper stickers, which could reveal information on the political or social views of the driver. While they aren’t in every ALPR system, and some are just planned, all of these features taken together increase the potential for abuse far beyond the dangers of collecting license plate numbers alone. </span></p>
168 <h4><b>What You Can Tell Your Neighbors if You’re Concerned </b></h4>
169 <p><span>Unfortunately, ALPR devices are not the first piece of technology to exploit irrational fear of crime in order to expand police surveillance and spy on neighbors and passersby. Amazon’s surveillance doorbell Ring currently has over </span><a href="https://www.eff.org/deeplinks/2020/06/amazon-ring-must-end-its-dangerous-partnerships-police"><span>1,300 partnerships with individual police departments</span><span>, which </span></a><span>allow departments to directly request footage from an individual’s personal surveillance camera without presenting a warrant. ALPRs are at least as dangerous: they track our comings and goings; the data can indicate common travel patterns (or unique ones); and because license plates are required by law, there is no obvious way to protect yourself.</span></p>
170 <p><span>If your neighborhood is considering this technology, you have options. Remind your neighbors that it collects data on anyone, regardless of suspicion. They may think that only people with something to hide need to worry—but hide what? And from who? You may not want your neighbor knowing what time you leave your neighborhood in the morning and get back at night. You may also not want the police to know who visits your home and for how long. While the intention is to protect the neighborhood from crime, introducing this kind of surveillance may also end up incriminating your neighbors and friends for reasons you know nothing about. </span></p>
171 <p><span>You can also point out that ALPRs have not been shown to </span><a href="https://www.mtas.tennessee.edu/knowledgebase/there-empirical-evidence-surveillance-cameras-reduce-crime"><span>reduce crime</span></a><span>. Likewise, consider sending around the California State Auditor’s report on abuses by law enforcement. And if the technology is installed, you can (and should) limit the amount of data that’s shared with police, automatically or manually. Remind people of the type of information ALPRs collect and what your neighbors can infer about your private life. </span></p>
172 <p><span>If you drive a car, you’re likely being tracked by ALPRs, at least sometimes. But that doesn’t mean your neighborhood should contribute to the surveillance state. Everyone ought to have a right to pass through a community without being tracked, and without accidentally revealing personal details about how they spend their day. Automatic license plate readers installed in neighborhoods are a step in the wrong direction. </span></p>
173
174 </div></div></div></description>
175 <pubDate>Mon, 14 Sep 2020 19:38:12 +0000</pubDate>
176 <guid isPermaLink="false">103722 at https://www.eff.org</guid>
177 <category domain="https://www.eff.org/taxonomy/term/69">Call To Action</category>
178 <category domain="https://www.eff.org/issues/location-privacy">Locational Privacy</category>
179 <category domain="https://www.eff.org/issues/street-level-surveillance">Street-Level Surveillance</category>
180 <dc:creator>Jason Kelley</dc:creator>
181 <dc:creator>Matthew Guariglia</dc:creator>
182 <enclosure url="https://www.eff.org/files/banner_library/alpr-1.png" alt="" type="image/png" length="8553" />
183 </item>
184 <item>
185 <title>Researchers Targeting AI Bias, Sex Worker Advocate, and Global Internet Freedom Community Honored at EFF’s Pioneer Award Ceremony</title>
186 <link>https://www.eff.org/press/releases/researchers-targeting-ai-bias-sex-worker-advocate-and-global-internet-freedom</link>
187 <description><div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Virtual Ceremony October 15 to Honor Joy Buolamwini, Dr. Timnit Gebru, and Deborah Raji; Danielle Blunt; and the Open Technology Fund (OTF) Community</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco – The Electronic Frontier Foundation (EFF) is honored to announce the 2020 Barlow recipients at its Pioneer Award Ceremony: artificial intelligence and racial bias experts Joy Buolamwini, Dr. Timnit Gebru, and Deborah Raji; sex worker activist and tech policy and content moderation researcher Danielle Blunt; and the global Internet freedom organization Open Technology Fund (OTF) and its community.</p>
188 <p>The virtual ceremony will be held October 15 from 5:30 pm to 7 pm PT. The keynote speaker for this year’s ceremony will be Cyrus Farivar, a longtime technology investigative reporter, author, and radio producer. The event will stream live and free on Twitch, YouTube, Facebook, and Twitter, and audience members are encouraged to give a $10 suggested donation. EFF is supported by small donors around the world and you can become an official member at <a href="https://eff.org/PAC-join">https://eff.org/PAC-join</a>.</p>
189 <p>Joy Buolamwini, Dr. Timit Gebru, and Deborah Raji’s trailblazing academic research on race and gender bias in facial analysis technology laid the groundwork for a national movement—and a growing number of legislative victories—aimed at banning law enforcement’s use of flawed and overbroad face surveillance in American cities. The trio collaborated on the <a href="http://gendershades.org/">Gender Shades</a> series of papers based on Buolamwini’s MIT thesis, revealing alarming bias in AI services from companies like Microsoft, IBM, and Amazon. Their subsequent internal and external advocacy spans Stanford, University of Toronto, <a href="https://blackinai.github.io/"><span>Black in AI</span></a>, <a href="https://projectinclude.ca/"><span>Project Include</span></a>, and the <a href="https://www.ajl.org/"><span>Algorithmic Justice League</span></a>. Buolamwini, Gebru, and Raji are bringing light to the profound impact of face recognition technologies on communities of color, personal privacy and free expression, and the fundamental freedom to go about our lives without having our movements and associations covertly monitored and analyzed.</p>
190 <p>Danielle Blunt is one of the co-founders of <a href="https://hackinghustling.org/"><span>Hacking//Hustling</span></a>, a collective of sex workers and accomplices working at the intersection of tech and social justice to interrupt state surveillance and violence facilitated by technology. A professional NYC-based <a href="https://mistressblunt.com/"><span>Femdom</span></a> and <a href="https://nycfootfetish.com/"><span>Dominatrix</span></a>, Blunt researches sex work and equitable access to technology from a public health perspective. She is one of the lead researchers of Hacking//Hustling's “<a href="https://hackinghustling.org/erased-the-impact-of-fosta-sesta-2020/"><span>Erased: The Impact of FOSTA-SESTA and the Removal of Backpage</span></a>” and “Posting to the Void: CDA 230, Censorship, and Content Moderation,” studying the impact of content moderation on the movement work of sex workers and activists. She is also leading organizing efforts around sex worker opposition to the <a href="https://surviveearnit.com/"><span>EARN IT Act</span></a>, which threatens access to encrypted communications, a tool that many in the sex industry rely on for harm reduction, and would also increase platform policing of sex workers and queer and trans youth. Blunt is on the advisory board of Berkman Klein's Initiative for a Representative First Amendment (IfRFA) and the Surveillance Technology Oversight Project in NYC. She enjoys redistributing money from institutions, watching her community thrive, and “making men cry.”</p>
191 <p>The <a href="https://opentech.fund/"><span>Open Technology Fund</span></a> (OTF) has fostered a global community and provided support—both monetary and in-kind—to more than 400 projects that seek to combat censorship and repressive surveillance. The OTF community has helped more than two billion people in over 60 countries access the open Internet more safely and advocate for democracy. OTF earned trust and built community through its open source ethos, transparency, and a commitment to independence from its funder, the U.S. Agency for Global Media (USAGM), and helped fund several technical projects at EFF. However, President Trump recently installed a new CEO for USAGM, who immediately sought to replace OTF's leadership and board and to freeze the organization's funds—threatening to leave many well-established global freedom tools, their users, and their developers in the lurch. Since then, OTF has made some progress in regaining control, but it remains at risk and, as of this writing, USAGM is still withholding critical funding. With this award, EFF is honoring the entire OTF community for their hard work and dedication to global Internet freedom and recognizing the need to protect this community and ensure its survival despite the current political attacks.</p>
192 <p>“One of EFF’s guiding principles is that technology should enhance our rights and freedoms instead of undermining them,” said EFF Executive Director Cindy Cohn. “All our honorees this year are on the front lines if this important work—striving to ensure that no matter where you are from, what you look like, or what you do for a living, the technology you rely on makes your life better and not worse. While most technology is here to stay, a technological dystopia is not inevitable. Used thoughtfully, and supported by the right laws and policies, technology can and will make the world better. We are so proud that all of our honorees are joining us to fight for this together.”</p>
193 <p>Awarded every year since 1992, EFF’s Pioneer Award Ceremony recognize the leaders who are extending freedom and innovation on the electronic frontier. Previous honorees have included Malkia Cyril, William Gibson, danah boyd, Aaron Swartz, and Chelsea Manning. Sponsors of the 2020 Pioneer Award ceremony include Dropbox; No Starch Press; Ridder, Costa, and Johnstone LLP; and Ron Reed.</p>
194 <p>To attend the virtual Pioneer Awards ceremony:<br /><a href="https://eff.org/PAC-register">https://eff.org/PAC-register</a><br /><br />For more on the Pioneer Award ceremony:<br /><a href="https://www.eff.org/awards/pioneer/2020">https://www.eff.org/awards/pioneer/2020</a></p>
195
196 </div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
197
198
199 <div class="">
200 <div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Rebecca</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Jeschke</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Media Relations Director and Digital Rights Analyst</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:press@eff.org">press@eff.org</a></div></div></div> </div>
201
202 </div>
203
204 </div></div></div></description>
205 <pubDate>Mon, 14 Sep 2020 16:49:54 +0000</pubDate>
206 <guid isPermaLink="false">103721 at https://www.eff.org</guid>
207 <dc:creator>Rebecca Jeschke</dc:creator>
208 <enclosure url="https://www.eff.org/files/banner_library/pioneerawards2020_digital_assets_banner_no_text.png" alt="Pioneer 2020" type="image/png" length="43258" />
209 </item>
210 <item>
211 <title>EFF to EU Commission on Article 17: Prioritize Users’ Rights, Let Go of Filters</title>
212 <link>https://www.eff.org/deeplinks/2020/09/eff-eu-commission-article-17-prioritize-users-rights-let-go-filters</link>
213 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>During the Article 17 (formerly #Article13) discussions about the availability of copyright-protected works online, we fought hand-in-hand with European civil society to avoid all communications being subjected to interception and arbitrary censorship by automated upload filters. However, by turning tech companies and online services operators into copyright police, the final version of the EU Copyright Directive failed to live up to the expectations of millions of affected users who fought for an Internet in which their speech is not automatically scanned, filtered, weighed, and measured.</span></p>
214 <h2><b>Our Watch Has Not Ended</b></h2>
215 <p><span>EU "Directives" are not automatically applicable. EU member states must “transpose” the directives into national law. The Copyright Directive includes some safeguards to prevent the restriction of fundamental free expression rights, ultimately requiring national governments to </span><a href="https://www.eff.org/deeplinks/2020/02/europeans-deserve-have-their-governments-test-not-trust-filters"><span>balance the rights of users and copyright holders alike.</span></a><span> At the EU level, the Commission has launched a Stakeholder Dialogue to support the drafting of guidelines for the application of Article 17, which must be implemented in national laws by June 7, 2021. EFF and other digital rights organizations have a seat at the table, alongside rightsholders from the music and film industries and representatives of big tech companies like Google and Facebook. <br /></span></p>
216 <p><span>During the stakeholder meetings, we made a strong case for preserving users’ rights to free speech, making suggestions for averting a race among service providers to over-block user content. We also asked the EU Commission to share the draft guidelines with rights organizations and the public, and allow both to comment on and suggest improvements to ensure that they comply with European Union civil and human rights requirements.</span></p>
217 <h2><b>The Targeted Consultation: Don’t Experiment With User Rights</b></h2>
218 <p><span>The Commission has partly complied with EFF and its partners’ request for transparency and participation. The Commission launched a targeted </span><span>consultation</span><span> addressed to members of the EU Stakeholder Group on Article 17. Our <a href="https://www.eff.org/document/art-17-c-dsm-consultation-response-eff">response</a> focuses on mitigating the dangerous consequences of the Article 17 experiment by focusing on user rights, specifically free speech, and by limiting the use of automated filtering, which is notoriously inaccurate.</span></p>
219 <p><b>Our main recommendations are:</b></p>
220 <ul>
221 <li><span>Produce a non-exhaustive list of service providers that are excluded from the obligations under the Directive. Service providers not listed </span><i><span>might</span></i><span> not fall under the Directive’s rules, and would have to be evaluated on a case-by-case basis;</span></li>
222 <li><span>Ensure that the platforms’ obligation to show best efforts to obtain rightsholders’ authorization and ensure infringing content is not available is a mere due diligence duty and must be interpreted in light of the principles of proportionality and user rights exceptions;</span></li>
223 <li><span>Recommend that Member States not mandate the use of technology or impose any specific technological solutions on service providers in order to demonstrate “best efforts”;</span></li>
224 <li><span>Establish a requirement to avoid general user (content) monitoring. Spell out that the implementation of Art 17 should never lead to the adoption of upload filters and hence general monitoring of user content;</span></li>
225 <li><span>State that the mere fact that content recognition technology is used by some companies does not mean that it </span><i><span>must</span></i><span> be used to comply with Art 17. Quite the opposite is true: automated technologies to detect and remove content based on rightsholders’ information may not be in line with the balance sought by Article 17.</span></li>
226 <li><span>Safeguard the diversity of platforms and not put disproportionate burden on smaller companies, which play an important role in the EU tech ecosystem;</span></li>
227 <li><span>Establish that content recognition technology cannot assess whether the uploaded content is infringing or covered by a legitimate use. Filter technology may serve as assistants, but can never replace a (legal) review by a qualified human;</span></li>
228 <li><span>Filter-technology can also not assess whether user content is likely infringing copyright;</span></li>
229 <li><span>If you believe that filters work, prove it. The Guidance should contain a recommendation to create and maintain test suites if member states decide to establish copyright filters. These suites should evaluate the filters' ability to correctly identify both infringing materials and non-infringing uses. Filters should not be approved for use unless they can meet this challenge;</span></li>
230 <li><span>Complaint and redress procedures are not enough. Fundamental rights must be protected from the start and not only after content has been taken down;</span></li>
231 <li><span>The Guidance should address the very problematic relationship between the use of automated filter technologies and privacy rights, in particular the right not to be subject to a decision based solely on automated processing under the GDPR.</span></li>
232 </ul>
233
234 </div></div></div></description>
235 <pubDate>Fri, 11 Sep 2020 07:00:00 +0000</pubDate>
236 <guid isPermaLink="false">103713 at https://www.eff.org</guid>
237 <category domain="https://www.eff.org/issues/article-13">Article 13</category>
238 <category domain="https://www.eff.org/issues/eu-policy">EU Policy</category>
239 <dc:creator>Christoph Schmon</dc:creator>
240 <enclosure url="https://www.eff.org/files/banner_library/og-copyrightbot-hd_0_3.png" alt="" type="image/png" length="20060" />
241 </item>
242 <item>
243 <title>Spain’s New Who Defends Your Data Report Shows Robust Privacy Policies But Crucial Gaps to Fill </title>
244 <link>https://www.eff.org/deeplinks/2020/09/spains-new-who-defends-your-data-report-shows-robust-privacy-policies-crucial-gaps</link>
245 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><a href="https://eticasfoundation.org/"><span>ETICAS Foundation</span></a><span>’s second </span><a href="https://eticasfoundation.org/ya-esta-aqui-la-2a-edicion-de-quien-defiende-tus-datos/"><span>¿Quien Defiende Tus Datos?</span></a><span> (</span><i><span>Who Defends Your Data?</span></i><span>) report on data privacy practices in Spain shows how Spain’s leading Internet and mobile app providers are making progress in being clear about how users' personal data is being protected. Providers are disclosing what information is being collected, how long it’s being kept, and who it’s shared with. Compared to Eticas' first report on Spain in 2018, there was significant improvement in the number of companies informing users about how long they store data as well as notifying users about privacy policy changes.</span></p>
246 <p><span>The report evaluating policies at 13 Spanish Internet companies also indicates that a handful are taking seriously their obligations under the new General Data Protection Regulation (GDPR), the European Union’s data privacy law that sets tough standards for protecting customers’ private information and gives users more information about and control over their private data. The law went into effect in December 2018.<br /></span></p>
247 <p><span>But the good news for most of the companies pretty much stops there. All but the largest Internet providers in Spain are seriously lagging when it comes to transparency around government demands for user data, according to the Eticas report released today.<br /></span></p>
248 <p><span>While </span><b>Orange</b><span> commits to notify users about government requests and both </span><b>Vodafone</b><span> and </span><b>Telefónica</b><span> clearly state the need for a court order before handing users’ communications to authorities, other featured companies have much to improve. They are failing to provide information about how they handle law enforcement requests for user data, whether they require judicial authorization before giving personal information to police, or if they notify users as soon as legally possible that their data was released to law enforcement. The lack of disclosure about their practices leaves an open question about whether they have users’ backs when the government wants personal data. <br /></span></p>
249 <p><span>The format of the Eticas report is based on EFF’s Who Has Your Back project, which was launched nine years ago to shine a light on how well U.S. companies protect user data, especially when the government wants it. Since then the project has expanded internationally, with leading digital rights groups in Europe and the Americas evaluating data privacy practices of Internet companies so that users can make informed choices about to whom they should trust their data. Eticas Foundation first evaluated Spain’s leading providers in 2018 as part of </span><a href="https://www.eff.org/pages/quien-defiende-tus-datos"><span>a region-wide initiative</span></a><span> focusing on Internet privacy policies and practices in Iberoamerica. </span></p>
250 <p><span>In today’s report, Eticas evaluated 13 companies, including six telecom providers (</span><b>Orange, Ono-Vodafone, Telefónica-Movistar, MásMóvil, Euskatel</b><span>, and </span><b>Somos Conexión</b><span>), five home sales and rental apps (</span><b>Fotocasa, Idealista, Habitaclia, Pisos.com</b><span>, and </span><b>YaEncontré</b><span>), and two apps for selling second hand goods (</span><b>Vibbo</b><span> and </span><b>Wallapop</b><span>). The companies were assessed against a set of criteria covering policies for data collection, handing data over to law enforcement agencies, notifying customers about government data requests, publishing transparency reports, and promoting user privacy. Companies were awarded stars based on their practices and conduct. In light of the adoption of the GDPR, this year’s report assessed companies against several new criteria, including providing information on how to contact a company data protection officer, using private data to automate decision making without human involvement and build user profiles, and practices regarding international data transfers. Etica also looked at whether they provide guidelines, tailored to local law, for law enforcement seeking user data. <br /></span></p>
251 <p><span>The full study is available </span><a href="https://eticasfoundation.org/ya-esta-aqui-la-2a-edicion-de-quien-defiende-tus-datos/"><span>in Spanish</span></a><span>, and we outline the main findings below. </span></p>
252 <p><b>An Overview of Companies' Commitments and Shortcomings</b></p>
253 <p><span><img src="/files/2020/09/09/qdtd-spain_tablas_finales_1-1.png" alt="" width="905" height="640" /></span></p>
254 <p><b>Telefonica-Movistar</b><span>, Spain’s largest mobile phone company, was the most highly rated, earning stars in 10 out of 13 categories. </span><b>Vodafone</b><span> was a close second, with nine stars. There was a big improvement overall in companies providing information about how long they keep user data—all 13 companies reported doing so this year, compared to only three companies earning partial credit in 2018. The implementation of the GDPR has had a positive effect on privacy policies at only some companies, the report shows. While most companies are providing contact information for data protection officials, only four—</span><b>Movistar, Fotocasa, Habitaclia</b><span>, and </span><b>Vibbo</b><span>—provide information about their practices for using data-based, nonhuman decision making, and profiling, and six—</span><b>Vodafone, MásMóvil, Pisos.com, Idealista, Yaencontré</b><span>, and </span><b>Wallapop</b><span>—provide information only about profiling. <br /></span></p>
255 <p><span>Only </span><b>Telefónica-Movistar</b><span> and </span><b>Vodafone</b><span> disclose information to users about its policies for giving personal data to law enforcement agencies. </span><b>Telefonica-Movistar</b> <span>is vague in its data protection policy, only stating that it will hand user data to police in accordance with the law. However, the company’s </span><a href="https://www.telefonica.com/documents/153952/183394/Informe-Transparencia-Comunicaciones-2019.pdf/00cb6cba-dbe7-df8d-64d1-df8510830960"><span>transparency report</span></a><span> shows that it lets police intercept communications only with a court order or in emergency situations. For metadata, the information provided is generic: it only mentions the legal framework and the authorities entitled to request it (judges, prosecutors, and the police). <br /></span></p>
256 <p><b>Vodafone’s</b><span> privacy policy says data will be handed over “according to the law and according to an exhaustive assessment of all legal requirements”. While its data protection policy does not provide information in a clear way, there’s an </span><a href="https://www.vodafone.com/content/dam/vodcom/sustainability/pdfs/vodafone_drf_law_enforcement_disclosure_legal_annexe_2016.pdf"><span>applicable legal framework report</span></a><span> that describes both the framework and how the company interprets it, and states that a court order is needed to provide content and metadata to law enforcement. <br /></span></p>
257 <p><b>Orange Spain</b><span> is the only company that says it’s committed to telling users when their data is released to law enforcement unless there’s a legal prohibition against it. Because the company didn’t make clear it will do so as soon as there's no legal barrier, it received partial credit. </span><b>Euskatel</b><span> and </span><b>Somos Conexión</b><span>, smaller ISPs, have stood out in promoting user privacy through campaigns or defending users in courts. On the latter, </span><b>Euskatel</b><span> has challenged a judicial order demanding the company reveal IP addresses in a commercial claim. After finally handing them over once the sentence was confirmed by a higher court, Euskatel </span><a href="https://www.euskaltel.com/CanalOnline/aboutus/press-room/news/20190523081447516"><span>filed a complaint</span></a><span> with the Spanish data protection authority for possible violation of purpose limitation safeguards considering how the claimant used the data.</span></p>
258 <p><span>The report shows that, in general, the five home apps (</span><b>Fotocasa, Idealista, Habitaclia, Pisos.com</b><span>, and </span><b>YaEncontré</b><span>) and two second-hand goods sales apps (</span><b>Vibbo</b><span> and </span><b>Wallapop</b><span>) have to step up their privacy information game considerably. They received no stars in fully nine out of the 13 categories evaluated. This should give users pause and, in turn, motivate these companies to increase transparency about their data privacy practices so that the next time they are asked if they protect customers’ personal data, they have more to show. <br /></span></p>
259 <p><span>Through ¿Quien Defiende Tus Datos? reports, local organizations in collaboration with EFF have been comparing companies' commitments to transparency and users' privacy in different Latin American countries and Spain. Earlier this year, </span><a href="https://stats.karisma.org.co/"><span>Fundación Karisma</span></a><span> in Colombia, </span><a href="https://adc.org.ar/"><span>ADC</span></a><span> in Argentina, and </span><a href="https://www.tedic.org/"><span>TEDIC</span></a><span> in Paraguay published new reports. New editions in</span><a href="https://www.eff.org/pages/panama-0"><span> Panamá</span></a><span>,</span><a href="https://www.eff.org/pages/peru-0"><span> Peru</span></a><span>, and</span><a href="https://www.eff.org/pages/brazil-0"><span> Brazil</span></a><span> are also on their way to spot which companies stand with their users and those that fall short of doing so.</span><b> </b></p>
260
261
262 </div></div></div></description>
263 <pubDate>Fri, 11 Sep 2020 00:30:53 +0000</pubDate>
264 <guid isPermaLink="false">103701 at https://www.eff.org</guid>
265 <category domain="https://www.eff.org/issues/quien-defiende-tus-datos">¿Quién defiende tus datos?</category>
266 <category domain="https://www.eff.org/issues/international">International</category>
267 <category domain="https://www.eff.org/issues/privacy">Privacy</category>
268 <category domain="https://www.eff.org/issues/necessary-and-proportionate">Necessary and Proportionate</category>
269 <category domain="https://www.eff.org/issues/surveillance-human-rights">Surveillance and Human Rights</category>
270 <dc:creator>Karen Gullo</dc:creator>
271 <enclosure url="https://www.eff.org/files/banner_library/qttd-banner-2b.png" alt="¿Quién defiende tus datos?" type="image/png" length="18451" />
272 </item>
273 <item>
274 <title>Workplace Surveillance in Times of Corona</title>
275 <link>https://www.eff.org/deeplinks/2020/09/workplace-surveillance-times-corona</link>
276 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>With numbers of COVID-19 infections soaring again in the United States and around the world, we have to learn how to manage its long-term ramifications for our economies. As people adjust to minimizing the risk of infections in everyday settings, one critical context is work. Even though millions have shifted to working from home during the past months, remote work is not possible for every industry. While the pandemic has had a </span><a href="https://www.ilo.org/wcmsp5/groups/public/@dgreports/@dcomm/documents/briefingnote/wcms_745337.pdf"><span>critical disruptive effect</span></a><span> on work and employment virtually everywhere in the world, it has not affected everyone in the same ways. The </span><a href="https://www.ilo.org/wcmsp5/groups/public/---dgreports/---dcomm/documents/briefingnote/wcms_740877.pdf"><span>International Labor Organization</span></a><span> notes that the current crisis significantly affects women, workers in precarious situations who lack access to health care or limited social security benefits, and informal workers, who work jobs that are not taxed or registered by the government. In Latin America, 60% of workers </span><a href="http://vox.lacea.org/?q=blog/informality_latam_postcovid19"><span>are considered</span></a><span> informal, with 58% of informal workers living in economic vulnerability on 13 U.S. dollars or less per day or in poverty on less than 5.5 U.S. dollars per day. Many have no choice but to work outside the home. This can involve putting their health and livelihoods on the line, especially in countries with insufficient public health care or unemployment programs.</span></p>
277 <p><span>As businesses strive to re-open, and many workers depend on them doing so, many employers are looking at </span><a href="https://www.eff.org/deeplinks/2020/09/covid-19-tracking-technology-will-not-save-us"><span>experimental technologies</span></a><span> to navigate the risk of infections among their workforce. Over the past months, </span><a href="https://www.citizen.org/wp-content/uploads/Workplace-Privacy-after-Covid-19-final.pdf"><span>dozens of new apps</span></a><span>, wearables, and other technologies have sought to help mitigate the risks of COVID at work, not counting the many examples of pre-existing workplace technologies already in use for different purposes. Some technologies seek to trace the proximity of one person with another to estimate whether they are less than approximately six feet (or two meters) apart for a sufficient time. This data can be used to notify workers of potential exposures to COVID. </span><a href="https://www.eff.org/deeplinks/2020/09/exposure-notification-technology-ready-its-closeup"><span>Decentralized Bluetooth proximity</span></a><span> is the most promising approach for technology-assisted exposure notification that minimizes privacy risks. But while some employers aim for that goal, others are using apps that track workers’ individualized phone location data with GPS. GPS is extremely sensitive, especially when it collects worker movements outside the workplace, and is </span><a href="https://www.gps.gov/systems/gps/performance/accuracy/"><span>insufficiently granular</span></a><span> to identify when two co-workers were close enough together to transmit the virus. </span></p>
278 <p><span>Other companies ask employees to submit daily symptom checks to their employers. Some checks may be as simple as one or two yes/no questions, while others collect more granular symptom data. The more information a company collects, the greater the risk that it can be used to detect conditions, or side effects of treatments, that have nothing to do with COVID-19. This is an issue because many companies are not subject to the privacy protections in the 1996 Federal Health Insurance Portability and Accountability Act (“HIPAA”). HIPAA has a very limited scope because protections for health information in the U.S. rely on who has the data. In general, only data created or maintained by health plans, health care clearinghouses, health care providers that conduct certain health care transactions electronically, and their business associates have HIPAA protections. Data collected by any other entity, such as an employer, usually do not. </span><span>Under the EU General Data Protection Regulation (GDPR), an employee's </span><a href="https://gdpr-info.eu/art-4-gdpr/"><span>personal data</span></a><span> concerning </span><a href="https://gdpr-info.eu/recitals/no-35/"><span>their health includes</span></a><span> all data about their “health status (...) which reveals information relating to the past, current or future physical or mental health status”. Peoples’ rights flow with their data</span><span>. </span><span>The European Union has always treated such personal data as sensitive with stringent limitations. In short, many of them seriously undermine employees’ privacy and other fundamental rights and collect information in a way that gives employees little protection.</span></p>
279 <h3><b>Health Surveys and Contact Tracing Apps</b></h3>
280 <p><span>One common category of technology to mitigate COVID-19 at work are apps that prompt workers to report information about their health status. One is </span><a href="https://www.weprotectwell.com/"><span>ProtectWell</span></a><span>, developed by Microsoft in cooperation with United Health, a for-profit health care company located in Minnesota. Urging its prospective users not to keep “life on hold,” ProtectWell allows organizations to build custom health surveys. It also offers </span><a href="https://www.healthcaredive.com/news/unitedhealth-microsoft-covid-19-screening-app-employers-work/578068/"><span>Microsoft’s healthcare bot</span></a><span> to help triage which symptoms are most concerning. When users are considered to be at risk, employers can direct them to undergo a testing process that will report the results directly back to the employer. ProtectWell’s </span><a href="https://www.weprotectwell.com/privacy-policy"><span>privacy policy</span></a><span> clarifies, as it should, that any information disclosed to the app is not considered health information as defined in HIPAA, and hence not protected as such. The privacy policy further allows United Health to share test results and responses to symptom surveys with a user’s employer, without requiring the worker’s consent. While both </span><a href="https://news.microsoft.com/2020/05/15/unitedhealth-group-and-microsoft-collaborate-to-launch-protectwell-protocol-and-app-to-support-return-to-workplace-planning-and-covid-19-symptom-screening/"><span>Microsoft and United Health plan</span></a><span> on deploying the app for their workforces, it is not clear whether their employees have a choice in that, or how widely other organizations have taken up the app. But ProtectWell evokes many of the </span><a href="https://www.consumerreports.org/health-privacy/are-workplace-wellness-programs-a-privacy-problem/"><span>privacy concerns</span></a><span> related to workplace wellness programs. Many workplaces offer wellness programs meant to incentivize employees to participate in health screenings or fitness programs. Workers often face the difficult choice of forgoing certain benefits by not participating, or giving their employers access to potentially sensitive health data which </span><a href="https://www.eff.org/deeplinks/2016/07/new-eeoc-rules-allow-employers-pay-employees-health-information"><span>can be abused </span></a><span>in a myriad of ways. </span></p>
281 <p><span>Another example is </span><a href="https://www.pwc.com/us/en/products/check-in.html"><span>Check-in</span></a><span>, a suite of products developed and marketed by Price Waterhouse Cooper (PwC). Noting that “83% of companies do not have processes and systems in place to track all of their workforces,” PwC offers customers an app that combines location tracking using GPS with a tool that monitors employees’ productivity. Once downloaded, the app activates WiFi and Bluetooth capabilities to keep track of which workers have been in close contact, and uses the phones’ GPS signals to determine when they are at the company’s premises. As </span><a href="https://www.pwc.com/us/en/library/covid-19/global-privacy-impact-assessment.html#stabilize"><span>the company itself notes</span></a><span>, “app-based contact tracing can result in processing more data than is needed for the intended purpose of notifying affected individuals.” GPS data, in particular, can expose where a worker has been and what they have been doing, both inside and outside the office. </span></p>
282 <p><span>PwC does not provide detailed information about the location tracking capabilities of the app. A spokesman </span><a href="https://www.cnbc.com/2020/05/06/pwc-is-building-coronavirus-contact-tracing-software-for-companies.html"><span>explains</span></a><span> that the data collected is made available to managers to help trace workers who might have been in proximity to a COVID patient. PwC has not shown that employees’ consent to such use before the app shares their health data with their employers. Even if the policy requires this, such consent can be questionable, since workers—with their livelihoods at stake—may not exercise real choice when their employer tells them to strap it on or release personal data. In the European Union, under the GDPR, consent can't be a valid legal ground to process the data when the employee feels compelled to consent or endure negative consequences if they do not consent. Employers may find another legal basis to process employee’s health data, such as legitimate interest. However, legitimate interest </span><a href="https://gdpr-info.eu/art-6-gdpr/"><span>may not be possible to use</span></a><span> if the employer’s interests “are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.” Such an assessment might need to be done case-by-case.</span></p>
283 <p><span>Beyond its location and proximity tracking features, the app also includes a feature named “</span><a href="https://www.pwc.com/us/en/products/check-in.html"><span>status connect</span></a><span>” which allows employers to check in with their workers to understand factors that may inhibit their productivity on a given day. Designed to “spot productivity blockers for remote workers,” Status Connect offers employers access to a trove of sensitive information regarding their employees’ health, location (remote or on-site), and productivity. According to </span><a href="https://www.cnbc.com/2020/05/06/pwc-is-building-coronavirus-contact-tracing-software-for-companies.html"><span>reports</span></a><span>, PwC is currently testing the suite. </span></p>
284 <p><a href="https://www.blacklinesafety.com/contact-tracing"><span>Blackline Safety</span></a><span>, a Canadian company, has found another approach to location tracking by combining its “intrinsically safe” </span><a href="https://www.blacklinesafety.com/g7c-wireless-gas-detector"><span>G7C wearable device</span></a><span> (designed to detect gas leakages) and a smartphone app to supervise ‘lone’ workers. Blackline is thus an example of companies repurposing existing technology for COVID purposes, with questionable results. Blackline’s G7C wearable uses GPS tracking to locate its wearer. When using the product, “employee location data streams to the Blackline Safety Cloud,” allowing companies to “immediately retrace [an] individual's steps” in order to see whom they may have been in contact with. This tool may be appropriate for some non-COVID purposes, such as promoting safety for employees who work in remote or hazardous environments. Still, GPS data is too sensitive, too prone to abuse, and </span><a href="https://www.eff.org/deeplinks/2020/03/governments-havent-shown-location-surveillance-would-help-contain-covid-19"><span>not effective enough</span></a><span> to serve as the basis for COVID exposure notification.</span></p>
285 <h3><b>Enforcing Social Distancing </b></h3>
286 <p><span>Besides mobile apps, employers can also deploy hardware in their quest to control COVID infections in their organization. Several companies have developed machine vision software designed to augment existing camera systems to monitor people's compliance with social distancing rules. </span><a href="https://www.smartvid.io/safety-suite"><span>Smartvid.io</span></a><span>, a company prominent in the construction industry, claims that its technology can help organizations identify and log the numbers of people not adhering to social distancing or not wearing protective masks. The software automatically generates reports to help managers “reward COVID-19 safety practices.” It is unclear whether and how Smartvid.io has access to the data generated by cameras equipped with its software, which could be used to collect detailed logs of workers’ locations, productivity levels, and even with whom they socialize at work. </span></p>
287 <p><span>Based in Pune, India, </span><a href="https://glimpseanalytics.com/"><span>Glimpse Analytics</span></a><span> is another company that claims to help employers implement health guidelines. Like Smartvid, its </span><a href="https://s3.ap-south-1.amazonaws.com/glimpseanalytics.com/Offices-Covid-19+Brochure-GlimpseAnalytics.pdf"><span>One Glimpse Edge’ device</span></a><span> connects with pre-existing CCTV cameras and triggers alerts when rooms reach maximum occupancy, or when individuals appear to be too close or fail to wear masks. The software also ‘tracks’ housekeeping staff tasked with cleaning workspaces. While Glimpse Analytics maintains that its software ensures people’s privacy, as it does not recognize faces, and that all data is encrypted and processed locally, it enables sweeping workplace surveillance. It amasses large volumes of sensitive data, without requiring workers’ consent.</span></p>
288 <p><span>Likewise, Amazon recently introduced its ‘</span><a href="https://blog.aboutamazon.com/operations/amazon-introduces-distance-assistant"><span>Distance Assistant</span></a><span>.’ The software, which was made </span><a href="https://github.com/amzn/distance-assistant"><span>open source</span></a><span>, aims to monitor workers’ distance to implement social distancing guidelines. Hooked up to cameras, sensors, and a TV screen, the assistant is meant to give instant visual feedback when workers are too close to each other. Amazon has </span><a href="https://techcrunch.com/2020/06/16/amazon-is-using-ar-to-encourage-employee-social-distancing/"><span>deployed</span></a><span> the software, which businesses and individuals can access free of charge, across several of its buildings. Besides the question of just how useful this piece of technology can be in keeping workers safe, it is unclear how the captured data is stored, used, and shared, and what steps Amazon is taking to maintain workers’ privacy. Data about workers’ movement patterns could likely be abused to provide managers with information about which employees associate with each other. </span></p>
289 <h3><b>Conclusion</b></h3>
290 <p><span>Purveyors of a variety of new and repurposed surveillance technologies seek to help employers mitigate the risks of workplace COVID infections. But many of these technologies pose severe threats to workers’ privacy and other fundamental rights. In particular, a technology that creates graphs of interactions between co-workers could stifle workers’ freedom to associate, even safely, and enable turnkey union-busting. Furthermore, many of these tools are untested and unproven, and may not be as effective as employers hope. While employers must do what they can to keep their workers safe, such efforts should not come at the price of undermining workers’ privacy. </span></p>
291
292 </div></div></div></description>
293 <pubDate>Fri, 11 Sep 2020 00:15:32 +0000</pubDate>
294 <guid isPermaLink="false">103715 at https://www.eff.org</guid>
295 <category domain="https://www.eff.org/type-blog-post/policy-analysis">Policy Analysis</category>
296 <category domain="https://www.eff.org/issues/privacy">Privacy</category>
297 <category domain="https://www.eff.org/issues/covid-19">COVID-19 and Digital Rights</category>
298 <dc:creator>Katitza Rodriguez</dc:creator>
299 <dc:creator>Svea Windwehr</dc:creator>
300 </item>
301 <item>
302 <title>EFF Tells California Supreme Court Not to Require ExamSoft for Bar Exam </title>
303 <link>https://www.eff.org/deeplinks/2020/09/eff-tells-california-supreme-court-not-require-examsoft-bar-exam</link>
304 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>This week, EFF sent a letter (<a href="https://www.eff.org/document/eff-letter-ca-supreme-court-about-examsoft-2020">pdf link</a>) to the Supreme Court of California objecting to the </span><a href="https://www.calbar.ca.gov/Portals/0/documents/admissions/Examinations/October-2020-Bar-Exam-FAQs.pdf"><span>required use</span></a><span> of the proctoring tool ExamSoft for the October 2020 California Bar Exam. Test takers should not be forced to give their biometric data to ExamSoft, the letter says, which can use it for marketing purposes, share it with third parties, or hand it over to law enforcement, without the ability to opt out and delete this information. This remote proctoring solution forces Bar applicants to surrender the privacy and security of their personal biometric information, violating the California Consumer Privacy Act. EFF asked the California Bar to devise an alternative option for the </span><a href="https://www.calbar.ca.gov/Admissions/Law-School-Regulation/Exam-Statistics"><span>five-thousand</span></a><span> or so expected test takers next month. </span></p>
305 <p><span>ExamSoft is a popular </span><a href="https://www.eff.org/deeplinks/2020/08/proctoring-apps-subject-students-unnecessary-surveillance"><span>proctoring or assessment software product</span></a><span> that purports to allow remote testing while determining whether a student is cheating. To do so, it uses various </span><a href="https://www.theverge.com/2020/4/29/21232777/examity-remote-test-proctoring-online-class-education"><span>privacy-invasive technical monitoring techniques</span></a><span>, such as, comparing test takers’ images using facial recognition, tracking eye movement, recording patterns of keystrokes, and recording video and audio of students’ surroundings as they take the test. The type of data ExamSoft collects includes “facial recognition and biometric data of each individual test taker for an extended period of time, including a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry”. Additionally, ExamSoft has access to the device’s webcam, including audio and video access, and screen, for the duration of the exam. </span></p>
306 <p><span>ExamSoft’s collection of test takers’ biometric and other personal data implicates the California Consumer Privacy Act. At a minimum, the letter states, the State Bar of California must provide a mechanism for students to opt out of the sale of their data, and to delete it, to comply with this law: </span></p>
307 <blockquote><p><i><span>The California Bar should clearly inform test takers of their protections under the CCPA. Before test takers are asked to use such an invasive piece of software, the California Bar should confirm that, at an absolute minimum, it has in place a mechanism to allow test takers to access their ExamSoft data, to opt out of the “sale” of their data, and to request its deletion. Students should have all of these rights without facing threat of punishment. It is bad enough that the use of ExamSoft puts the state in the regrettable position of coercing students into compromising their privacy and security in exchange for their sole chance to take the Bar Exam. It should not compound that by denying them their rights under state privacy law.</span></i></p>
308 </blockquote>
309 <p><span>In addition to these privacy invasions, proctoring software brings with it </span><a href="https://www.eff.org/deeplinks/2020/08/proctoring-apps-subject-students-unnecessary-surveillance"><span>many potential other dangers</span></a><span>, including threats to security: vast troves of personal data have already leaked from one proctoring company, ProctorU, </span><a href="https://www.bleepingcomputer.com/news/security/proctoru-confirms-data-breach-after-database-leaked-online/"><span>affecting 440,000 users</span></a><span>. The ACLU has </span><a href="https://www.aclunc.org/sites/default/files/ACLU_Advocacy_Letter_re_Online_Bar_Exam.pdf"><span>also expressed concerns</span></a><span> with the software’s use of facial recognition, which will “exacerbate racial and socioeconomic inequities in the legal profession and beyond.” And lastly, this type of software has been shown to have </span><a href="https://www.tampabay.com/news/florida/2020/08/17/technical-glitches-postpone-florida-bar-exams-set-for-wednesday."><span>technical issues</span></a><span> that could cause students to experience unexpected problems while taking the Bar Exam, and comes with requirements that could harm users who cannot meet them, such as requiring a laptop that is relatively new, and broadband speed that </span><a href="https://www.ppic.org/wp-content/uploads/jtf-californias-digital-divide.pdf."><span>many households do not have</span></a><span>. Other states have </span><a href="https://www.abajournal.com/web/article/due-to-technology-concerns-software-provider-pulls-out-of-remotely-proctored-bar-exams"><span>canceled the use of proctoring software</span></a><span> for their bar exams due to the inability to ensure a “secure and reliable” experience. California should take this into account when considering its use of proctoring software.</span></p>
310 <p><span>The entrance fee for becoming a lawyer in California should not include compromising personal privacy and security. The Bar Exam is already a nerve-wracking, anxiety-inducing test. We ask the Supreme Court of California to take seriously the risks presented by ExamSoft and pursue alternatives that do not put exam takers in jeopardy.</span></p>
311
312 </div></div></div></description>
313 <pubDate>Thu, 10 Sep 2020 17:07:17 +0000</pubDate>
314 <guid isPermaLink="false">103709 at https://www.eff.org</guid>
315 <category domain="https://www.eff.org/taxonomy/term/70">Commentary</category>
316 <category domain="https://www.eff.org/issues/student-privacy">Student Privacy</category>
317 <category domain="https://www.eff.org/issues/biometrics">Biometrics</category>
318 <dc:creator>Jason Kelley</dc:creator>
319 <dc:creator>Sophia Cope</dc:creator>
320 <dc:creator>Lindsay Oliver</dc:creator>
321 <enclosure url="https://www.eff.org/files/banner_library/og-studentprivacygoogle_0.png" alt="" type="image/png" length="23530" />
322 </item>
323 <item>
324 <title>California Still Needs Privacy Protections for COVID Tracking Apps</title>
325 <link>https://www.eff.org/deeplinks/2020/09/california-still-needs-privacy-protections-covid-tracking-apps</link>
326 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Many states have launched their own versions of exposure notification or tracking apps as a <a href="https://www.eff.org/deeplinks/2020/09/covid-19-tracking-technology-will-not-save-us">part of their response</a> to the ongoing COVID-19 pandemic. California may be poised to join them. Yet the Golden State still has not enacted any privacy standards for state COVID tracking apps, or for contracts the state may enter to deploy such programs.</p>
327 <p>This week, <a href="https://twitter.com/GovofCO/status/1303400486523949056?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet">Colorado announced</a> a program using the <a href="https://www.eff.org/deeplinks/2020/09/exposure-notification-technology-ready-its-closeup">Exposure Notifications Express</a> (ESE) system. This system, newly baked into Apple’s iOS operating system, will soon also be an option on Google’s Android operating system. It allows tech users to opt-in to a public health program, which alerts them if they’ve been exposed, without requiring them to download a separate app. It is likely to become the easiest path for most smartphone users to participate in <a href="https://www.eff.org/deeplinks/2020/09/exposure-notification-technology-ready-its-closeup">exposure notification systems</a>.</p>
328 <p>While California has not officially announced any such program, there are strong hints that one is in the works. On August 28, three leaders in the California legislature — Assembly Privacy and Consumer Protection Chair Ed Chau, Senate Judiciary Chair Hannah-Beth Jackson, and Assembly Speaker Anthony Rendon—wrote to Governor Gavin Newsom referencing discussions for a pilot program in California that includes a “contact-tracing application.”</p>
329 <p>Worryingly, they also articulated concerns about the lack of privacy considerations that have accompanied those plans, saying that “the Administration has not fully considered many important implications of implementing” a statewide app. “We must work together every step of the way to ensure that any action taken by the Administration to deploy a contact-tracing application provide our constituents with the data privacy and security assurances necessary to encourage widespread participation,” <a href="https://www.eff.org/document/legislature-letter-governor-tact">the letter said</a>.</p>
330 <p>Privacy protections are necessary to public health programs, particularly when a program needs high levels of participation to be effective. People will not use applications they can’t trust. That’s why EFF and other privacy groups have called on Governor Newsom to place basic privacy guardrails on any contact-tracing program run by or with the state. These include:</p>
331 <ul>
332 <li>A data minimization rule that ensures that the information a public or private entity collects only serves a public health purpose.</li>
333 <li>A guarantee that any private entity working on a program does not use the information for any other purpose—including, but not limited, to commercial purposes.</li>
334 <li>A prohibition from discriminating against people based on their participation—or nonparticipation—in these programs, to protect those who cannot or do not want to participate in a data collection program, and to avoid programs with compulsory participation.</li>
335 <li>A strong requirement to purge data from such programs when it is no longer useful—we are asking for a 30-day retention period. We would not, however, object to a narrowly-crafted exception from this data purge rule for a limited amount of aggregated and de-identified demographic data for the sole purpose of tracking inequities in public health response to the crisis.</li>
336 </ul>
337 <p>We supported two bills in the 2019-2020 legislation session to protect the privacy of our COVID data. AB 1782 (Chau/Wicks) would have ensured that any exposure notification program in the state included much-needed privacy protections for Californians at work and at home. AB 660 (Levine) would have provided related protections for manual contact tracing programs. Together, these two bills would have ensured COVID tracking programs in the state could not exploit data for other uses, including for marketing purposes, and guaranteed every Californian had the right to sue in case of a privacy violation.</p>
338 <p>Unfortunately, both bills recently died in the California Senate Appropriations committee, chaired by Sen. Anthony Portantino. This is a disappointing failure to protect the privacy of Californians and thereby advance public health. But while the legislature stalled efforts to protect our privacy, the need for these protections is only growing.</p>
339 <p>The letter from legislators suggests that Google and Apple may be willing to create a pilot program “for the State free of charge.” As the lawmakers wrote: “We caution that while contracting these companies to create the application may not cost the state financially, the Legislators and advocates attending closely to these issues over the years have learned that no such venture is truly free. Often times, products or services offered for ‘free’ are paid for through the surrender of sensitive personal information.”</p>
340 <p>Indeed, companies and governments have proven time and again that they cannot be trusted to do the right thing even — sometimes especially — when people are at their most vulnerable. Absent state protections, data collection programs administered by local governments, or by the private sector, face few limits or guarantees that the data will only be used for its intended purposes.</p>
341 <p>In addition, employees have few protections from employers who may wish to use information collected as part of pandemic response to track who their employees are talking to or to measure their productivity. And there are no protections to protect Californians—at work or not—from being discriminated against for choosing not to participate in such programs.</p>
342 <p>Pinky promises aren’t enough. We need legally binding rules. As the state prepares to launch a program to integrate technology into its pandemic response, it is more important than ever that the California governor do the right thing.</p>
343
344 </div></div></div></description>
345 <pubDate>Thu, 10 Sep 2020 00:31:27 +0000</pubDate>
346 <guid isPermaLink="false">103705 at https://www.eff.org</guid>
347 <dc:creator>Hayley Tsukayama</dc:creator>
348 <enclosure url="https://www.eff.org/files/banner_library/california-privacy-1.png" alt="California Privacy" type="image/png" length="17514" />
349 </item>
350 <item>
351 <title>Human Rights and TPMs: Lessons from 22 Years of the U.S. DMCA</title>
352 <link>https://www.eff.org/deeplinks/2020/09/human-rights-and-tpms-lessons-22-years-us-dmca</link>
353 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In 1998, Bill Clinton signed the Digital Millennium Copyright Act (DMCA), a sweeping overhaul of U.S. copyright law notionally designed to update the system for the digital era. Though the DMCA contains many controversial sections, one of the most pernicious and problematic elements of the law is <a href="https://www.eff.org/tags/dmca-1201">Section 1201</a>, the "anti-circumvention" rule which prohibits bypassing, removing, or revealing defects in "technical protection measures" (TPMs) that control not just use but also access to copyrighted works.</p>
354 <p>In drafting this provision, Congress ostensibly believed it was preserving fair use and free expression but failed to understand how the new law would interact with technology in the real world and how some courts could interpret the law to drastically expand the power of copyright owners. Appellate courts disagree about the scope of the law, and the uncertainty and the threat of lawsuits have meant that rightsholders have been able to effectively exert control over legitimate activities that have nothing to do with infringement, to the detriment of basic human rights.. Manufacturers who designed their products with TPMs that protected <em>business models</em>, rather than profits, can claim that using those products in ways that benefited their customers, (rather than their shareholders) is illegal.</p>
355 <p>22 years later, TPMs are everywhere, sometimes called "DRM" ("digital rights management"). TPMs control who can fix cars and tractors, who can audit the security of medical implants, who can refill a printer cartridge and whether you can store a cable broadcast and what you can do with it.</p>
356 <p>Last month, <a href="https://www.eff.org/deeplinks/2020/07/legal-deep-dive-mexicos-disastrous-new-copyright-law">the Mexican Congress passed amendments to the Federal Copyright Law and the Federal Criminal Code</a>, notionally to comply with the country's treaty obligations under Donald Trump's USMCA, the successor to NAFTA. This law included many provisions that interfered with human rights, so much so that the Mexican National Commission for Human Rights <a href="https://www.eff.org/deeplinks/2020/08/road-victory-human-rights-mexico">has filed a constitutional challenge before the Supreme Court</a> seeking to annul these amendments.</p>
357 <p>Among the gravest of the defects in the new amendments to the Mexican copyright law and the Federal Criminal Code are the rules regarding TPMs, which replicate the defects in DMCA 1201. Notably, the new law does not address the flawed language of the DMCA that has allowed rightsholders to block legitimate and noninfringing uses of copyrighted works that depend on circumvention and creates harsh and disproportionate criminal penalties that creates unintended consequences for privacy and freedom of expression . Such criminal provisions are so broad and vague that it can be applied to any person, even the owner of the device, even if that person hasn’t committed any malicious intent to commit a wrongful act that will result in harm to another. To make things worse, the Mexican law does not provide even the inadequate protections the US version offers, such as an explicit, regular <a href="https://www.copyright.gov/1201/">regulatory proceeding</a> that creates exemptions for areas where the law is provably creating harms.</p>
358 <p>As with DMCA 1201, the new amendments to the Mexican copyright law contains language that superficially appears to address these concerns; however, as with DMCA 1201, the Mexican law's safeguard provisions are <a href="https://www.eff.org/deeplinks/2020/07/legal-deep-dive-mexicos-disastrous-new-copyright-law">entirely cosmetic</a>, so burdened with narrow definitions and onerous conditions that they are unusable. That is why, in 22 years of DMCA 1201, no one has ever successfully invoked the exemptions written into the statute.</p>
359 <p>EFF has had 22 years of experience with the fallout from DMCA 1201. In this article, we offer our hard-won expertise to our colleagues in Mexican civil society, industry, lawmaking and to the Mexican public.</p>
360 <p>Below, we have set out examples of how DMCA 1201 -- and its Mexican equivalent -- is incompatible with human rights, including free expression, self-determination, the rights of people with disabilities, cybersecurity, education, and archiving; as well as the law's consequences for Mexico's national resiliency and economic competitiveness and food- and health-security.</p>
361
362 <p><a name="free-expression" id="free-expression"></a></p>
363 <a href="#free-expression">Free Expression</a>
364 <p>Copyright and free expression are in obvious tension with one another: the former grants creators exclusive rights to reproduce and build upon expressive materials; the latter demands the least-possible restrictions on who can express themselves and how.</p>
365 <p>Balancing these two priorities is a delicate act, and while different countries manage their limitations and exceptions to copyright differently -- fair use, fair dealing, derecho de autor, and more -- these systems typically require a subjective, qualitative judgment in order to evaluate whether a use falls into one of the exempted categories: for example, the widespread exemptions for parody or commentary, or rules that give broad latitude to uses that are "transformative" or "critical." These are rules that are designed to be interpreted by humans -- ultimately by judges.</p>
366 <p>TPM rules that have no nexus with copyright infringement vaporize the vital qualitative considerations in copyright's free expression exemptions, leaving behind a quantitative residue that is easy for computers to act upon, but which does not correspond closely to the policy objectives of limitations in copyright.</p>
367 <p>For example, a computer can tell if a video includes more than 25 frames of another video, or if the other works included in its composition do not exceed 10 percent of its total running time. But the computer cannot tell if the material that has been incorporated is there for parody, or commentary, or education -- or if the video-editor absentmindedly dragged a video-clip from another project into the file before publishing it.</p>
368 <p>And in truth, when TPMs collide with copyright exemptions, they are rarely even this nuanced.</p>
369 <p>Take the TPMs that prevent recording or duplication of videos, beginning with CSS, the system used in the first generation of DVD players, and continuing through the suite of video TPMs, including AACS (Blu-Ray) and HDCP (display devices). These devices can't tell if you are making a recording in order to produce a critical or parodical video commentary. In 2018, the US Copyright Office recognized that these TPMs interfere with the legitimate free expression rights of the public <a href="https://www.eff.org/document/dmca-1201-new-petition-re-video">and granted an exemption</a> to DMCA 1201 permitting the public to bypass these TPMs in order to make otherwise lawful recordings.The Mexican version of the DMCA does not include a formal procedure for granting comparable exemptions.</p>
370 <p>Other times, TPMs collide with free expression by allowing third parties to interpose themselves between rightsholders and their audiences, preventing the former from selling their expressive works to the latter.</p>
371 <p>The most prominent example of this interference is to be found in Apple's App Store, the official monopoly retailer for apps that can run on Apple's iOS devices, such as iPhones, iPads, Apple Watches, and iPods. Apple's devices use TPMs that prevent owners of these devices from choosing to acquire software from rivals of the App Store. As a result, Apple's editorial choices about which apps it includes in the App Store have the force of law. For an Apple customer to acquire an app from someone other than Apple, they must bypass the TPM on their device. Though we have won the right for customers to “jailbreak” their devices, anyone who sells them a tool to effect this ommits a felony under DMCA 1201 and risks both a five-year prison sentence and a $500,000 fine (for a first offense).</p>
372 <p>While <a href="https://slate.com/technology/2020/08/epic-fortnite-apple-app-store-lawsuit-dmca.html">the recent dispute with Epic Games</a> has highlighted the economic dimension of this system (Epic objects to paying a 30 percent commission to Apple for transactions related to its game Fortnite), there are many historic examples of pure content-based restrictions on Apple's part:</p>
373 <ul>
374 <li><a href="https://www.telegraph.co.uk/technology/apple/5982243/Apple-bans-dictionary-from-App-Store-over-swear-words.html">Apple rejected a dictionary</a> because it contained obscene words.</li>
375 <li><a href="https://www.wired.com/2012/08/drone-app/">Apple rejected an app that tracked U.S. drone strikes</a> and their civilian casualties.</li>
376 <li><a href="https://appleinsider.com/articles/12/02/29/apple_denies_sale_of_ebook_containing_links_to_amazon">Apple rejected an ebook</a> because it contained links to Amazon.</li>
377 <li><a href="https://www.eff.org/deeplinks/2014/12/sorry-iphone-users-apples-dev-agreement-means-no-eff-mobile-app-iphone">Apple would not allow our own action-center app</a> unless we signed a confidentiality agreement about the terms of our arrangement with Apple.</li>
378 <li><a href="https://www.scmp.com/tech/apps-social/article/3031502/apple-reviews-rejected-hong-kong-app-again-amid-controversy-over">Apple rejected an app that pro-democracy protesters in Hong Kong</a> used to organize demonstrations.</li>
379 </ul>
380 <p>In these cases, Apple's TPM interferes with speech in ways that are far more grave than merely blocking recording to advantage rightsholders. Rather, Apple is using TPMs backed by DMCA 1201 to interfere with rightsholders as well. Thanks to DMCA 1201, the creator of an app and a person who wants to use that app on a device that they own cannot transact without Apple's approval.</p>
381 <p>If Apple withholds that approval, the owner of the device and the creator of the copyrighted work are not allowed to consummate their arrangement, unless they bypass a TPM. Recall that commercial trafficking in TPM-circumvention tools is a serious crime under DMCA 1201, carrying a penalty of a five year prison sentence and a $500,000 fine for a first criminal offense, even if those tools are used to allow rightsholders to share works with their audiences.</p>
382 <p>In the years since Apple perfected the App Store model, many manufacturers have replicated it, for categories of devices as diverse as games consoles, cars and tractors, thermostats and toys. In each of these domains -- as with Apple's App Store -- DMCA 1201 interferes with free expression in arbitrary and anticompetitive ways.</p>
383
384
385 <p><a href="self-determination"></a></p>
386 <a href="#self-determination">Self Determination</a>
387 <p>What is a "family?"</p>
388 <p>Human social arrangements don't map well to rigid categories. Digital systems can take account of the indeterminacy of these social connections by allowing their users to articulate the ambiguous and complex nature of their lives within a database. For example, a system could allow users to enter several names of arbitrary length to accommodate the common experience of being called different things by different people, or it could allow them to define their own familial relationships, declaring the people they live with as siblings to be their "brothers" or "sisters" -- or declaring an estranged parent to be a stranger, or a re-married parent's spouse to be a "mother."</p>
389 <p>But when TPMs enter the picture, these necessary and beneficial social complexities are collapsed down into a set of binary conditions, fenced in by the biases and experiences of their designers. These systems are suspicious of their users, designed to prevent "cheating," and they treat attempts to straddle their rigid categorical lines as evidence of dishonesty -- not as evidence that the system is too narrow to accommodate its users' lived experience.</p>
390 <p>One such example is <a href="https://www.etsi.org/deliver/etsi_tr/102800_102899/10282512/01.01.01_60/tr_10282512v010101p.pdf">CPCM, the "Content Protection and Copy Management</a> component of DVB, a standard for digital television broadcasts used all over the world.</p>
391 <p>CPCM relies on the concept of an "authorized domain" that serves as a proxy for a single family. Devices designated as belonging to an "authorized domain" can share video recordings freely with one another, but may not share videos with people from outside the domain -- that is, with people who are not part of their family.</p>
392 <p>The committee that designed the authorized domain was composed almost exclusively of European and US technology, broadcast, and media executives, and they took pains to design a system that was flexible enough to accommodate their lived experience.</p>
393 <p>If you have a private boat, or a luxury car with its own internal entertainment system, or a summer house in another country, the Authorized Domain is smart enough to understand that all these are part of a single family and will permit content to move seamlessly between them.</p>
394 <p>But the Authorized Domain is far less forgiving to families that have members who live abroad as migrant workers, or who are part of the informal economy in another state or country, or nomads who travel through the year with a harvest. These "families" are not recognized as such by DVB-CPCM, even though there are far more families in their situation than there are families with summer homes in the Riviera.</p>
395 <p>All of this would add up to little more than a bad technology design, except for DMCA 1201 and other anti-circumvention laws.</p>
396 <p>Because of these laws -- including Mexico's new copyright law -- defeating CPCM in order to allow a family member to share content with you is itself a potential offense, and selling a tool to enable this is a potential criminal offense, carrying a five-year sentence and a $500,000 fine for a first offense.</p>
397 <p>Mexico's familial relations should be defined by Mexican lawmakers and Mexican courts and the Mexican people -- not by wealthy executives from the global north meeting in board-rooms half a world away. <a name="disability" id="disability"></a></p>
398 <a href="#disability">The Rights of People With Disabilities</a>
399 <p>Though disabilities are lumped into broad categories -- "motor disabilities," "blindness," "deafness," and so on -- the capabilities and challenges of each person with a disability are as unique as the capabilities and challenges faced by each able-bodied person.</p>
400 <p>That is why the core of accessibility isn't one-size-fits-all "accommodations" for people with disabilities; rather, it is <a href="http://universaldesign.ie/What-is-Universal-Design/">"universal design"</a> is "design of systems so that they can be accessed, understood and used to the greatest extent possible by all people regardless of their age, size, ability or disability."</p>
401 <p>The more a system can be altered by its user, the more accessible it is. Designers can and should build in controls and adaptations, from closed captions to the ability to magnify text or increase its contrast, but just as important is to leave the system open-ended, so that people whose needs were not anticipated during the design phase can suit them to their needs, or recruit others to do so for them.</p>
402 <p>This is incompatible with TPMs. TPMs are designed to <em>prevent</em> their users from modifying them. After all, if users could modify TPMs, they could subvert their controls.</p>
403 <p>Accessibility is important for people with disabilities, but it is also a great boon to able-bodied people: first, because many of us are merely "temporarily able-bodied" and will have to contend with some disability during our lives; and second, because flexible systems can accommodate use-cases that designers have not anticipated that able-bodied people also value: from the TV set with captions turned on in a noisy bar (or for language-learners) to the screen magnifiers used by people who have mislaid their glasses.</p>
404 <p>Like able-bodied people, many people with disabilities are able to effect modifications and improvements in their own tools. However, most people -- whether they are able-bodied and people with disabilities -- rely on third parties to modify the systems they rely on because they lack the skill or time to make these modifications themselves.</p>
405 <p>That is why DMCA 1201's prohibition on "trafficking in circumvention devices" is so punitive: it not only deprives programmers of the right to improve their tools, but it also deprives the rest of us of the right to benefit from those programmers' creations, and programmers who dare defy this stricture face lengthy prison sentences and giant fines if they are prosecuted.</p>
406 <p>Recent examples of TPMs interfering with disabilities reveal how confining DMCA 1201 is for people with disabilities.</p>
407 <p>In 2017, the World Wide Web Consortium (W3C) <a href="https://www.eff.org/deeplinks/2017/07/amid-unprecedented-controversy-w3c-greenlights-drm-web">approved a controversial TPM for videos on the Web</a> called Encrypted Media Extensions (EME). EME makes some affordances for people with disabilities, <a href="https://github.com/w3c/encrypted-media/issues/376">but it lacks other important features</a>. For example, people with photosensitive epilepsy cannot use automated tools to identify and skip past strobing effects in videos that could trigger dangerous seizures, while color-blind people can't alter the color-palette of the videos to correct for their deficit.</p>
408 <p>A more recent example comes from the med-tech giant Abbott Labs, which used DMCA 1201 to <a href="https://www.diabettech.com/wearenotwaiting/patching-librelink-for-libre2-clearing-the-fud/">suppress a tool that allowed people with diabetes to link their glucose monitors</a> to their insulin pumps, in order to automatically calculate and administer doses of insulin in an "artificial pancreas."</p>
409 <p>Note that there is no copyright infringement in any of these examples: monitoring your blood sugar, skipping past seizure-inducing video effects, or changing colors to a range you can perceive do not violate anyone's rights under US copyright law. These are merely activities that are dispreferred by manufacturers.</p>
410 <p>Normally, a manufacturer's preference is subsidiary to the interests of the owner of a product, but not in this case. Once a product is designed so that you must bypass a TPM to use it in ways the manufacturer doesn't like, DMCA 1201 gives the manufacturer's preferences the force of law,</p>
411 <p><a name="archiving" id="archiving"></a></p>
412 <a href="#archiving">Archiving</a>
413 <p>In 1991, the science fiction writer Bruce Sterling <a href="https://smecers2.appspot.com/note/Literatura/STERLINGB/story.html">gave a keynote address</a> to the Game Developer's Conference in which he described the assembled game creators as practitioners without a history, whose work crumbled under their feet as fast as they could create it: "Every time a [game] platform vanishes it's like a little cultural apocalypse. And I can imagine a time when all the current platforms might vanish, and then what the hell becomes of your entire mode of expression?"</p>
414 <p>Sterling contrasted the creative context of software developers with authors: authors straddle a vast midden of historical material that they -- and everyone else -- can access. But in 1991, as computers and consoles were appearing and disappearing at bewildering speed, the software author had no history to refer to: the works of their forebears were lost to the ages, no longer accessible thanks to the disappearance of the hardware needed to run them.</p>
415 <p>Today, Sterling's characterization rings hollow. Software authors, particularly games developers, have access to the entire corpus of their industry, playable on modern computers, thanks to the rise and rise of "emulators" -- programs that simulate primitive, obsolete hardware on modern equipment that is orders of magnitude more powerful.</p>
416 <p>However, preserving the history of an otherwise ephemeral medium was not for the faint of heart. <a href="https://drive.google.com/file/d/0B9vexSPkhkh-UWVrREI4SXB4TGc/view">From the earliest days of commercial software</a>, companies have deployed TPMs to prevent their customers from duplicating their products or running them without authorization. Preserving the history of software is impossible without bypassing TPMs, and bypassing TPMs is a potential felony that can send you to prison for five years and/or cost you half a million dollars if you supply a tool to do so.</p>
417 <p>That is why the US Copyright Office has <a href="https://archive.org/about/dmca.php">repeatedly</a> granted <a href="https://blog.archive.org/2006/11/29/internet-archive-helps-secure-exemption-to-the-digital-millennium-copyright-act/">exemptions</a> to DMCA 1201, permitting archivists in the United States to bypass software TPMs for preservation purposes.</p>
418 <p>Of course, it's not merely software that is routinely restricted with TPMs, frustrating the efforts of archivists: from music to movies, books to sound recordings, TPMs are routine. Needless to say, these TPMs interfere with routine, vital archiving activities just as much as they interfere with the archiving and preservation of software.</p>
419 <p><a name="education" id="education"></a></p>
420 <a href="#education">Education</a>
421 <p>Copyright systems around the world create exemptions for educational activities; U.S. copyright law <a href="https://www.copyright.gov/fair-use/more-info.html">specifically mentions education</a> in the criteria for exempted use.</p>
422 <p>But educators frequently run up against the blunt, indiscriminate restrictions imposed by TPMs, whose code cannot distinguish between someone engaged in educational activities and someone engaged in noneducational activities.</p>
423 <p>Educators' conflicts with TPMs are many and varied: a teacher may build a lesson plan around an online video but be unable to act on it if the video is removed; in the absence of a TPM, the teacher could make a local copy of the video as a fallback.</p>
424 <p>For a decade, the U.S. Copyright Office has <a href="https://cccc.ncte.org/cccc/committees/ip/ipreports/partone">affirmed the need for educators to bypass TPMs in order to engage in normal pedagogical activities</a>, most notably the need for film professors to bypass TPMs in order to teach their students and so that their students can analyze and edit commercial films as part of their studies.</p>
425 <p><a name="national-resiliency" id="national-resiliency"></a></p>
426 <a href="#national-resiliency">National Resiliency</a>
427 <p>Thus far, this article has focused on the TPMs' impact on individual human rights, but human rights are dependent on the health and resiliency of the national territory in which they are exercised. Nutrition, health, and security are human rights just as surely as free speech, privacy and accessibility.</p>
428 <p>The pandemic has revealed the brittleness and transience of seemingly robust supply chains and firms. Access to replacement parts and skilled technicians has been disrupted and firms have failed, taking down their servers and leaving digital tools in unusable or partially unusable states.</p>
429 <p>But TPMs don't understand pandemics or other emergencies: they enforce restrictions irrespective of the circumstances on the ground. And where laws like DMCA 1201 prevent the development of tools and knowledge for bypassing TPMs, these indiscriminate restrictions take on the force of law and acquire a terrible durability, as few firms or even individuals are willing to risk prison and fines to supply the tools to make repairs to devices that are locked with TPMs.</p>
430 <p>Nowhere is this more visible than in agriculture, where the markets for key inputs like heavy machinery, seeds and fertilizer have grown dangerously concentrated, depriving farmers of meaningful choice from competitors with distinctive offers.</p>
431 <p>Farmers work under severe constraints: they work in rural, inaccessible territories, far from authorized service depots, and the imperatives of the living organisms they cultivate cannot be argued with. When your crop is ripe, it must be harvested -- and that goes double if there's a storm on the horizon.</p>
432 <p>That's why TPMs in tractors constitute a severe threat to national resiliency, threatening the food supply itself. Ag-tech giant John Deere <a href="https://www.bloomberg.com/news/features/2020-03-05/farmers-fight-john-deere-over-who-gets-to-fix-an-800-000-tractor">has repeatedly asserted that farmers may not effect their own tractor repairs</a>, insisting that these repairs are illegal unless they are finalized by an authorized technician who can take days to arrive (even when there isn't a pandemic), and who charge hundreds of dollars to inspect the farmer's own repairs and type an unlock code into the tractor's keyboard.</p>
433 <p>John Deere's position is that farmers are not qualified and should not be permitted to repair their own property. However, farmers have been fixing their own equipment for as long as agriculture has existed -- every farm has a workshop and sometimes even a forge. Indeed, John Deere's current designs are <a href="https://securityledger.com/2019/03/opinion-my-grandfathers-john-deere-would-support-our-right-to-repair/">descended from modifications that farmers themselves made</a> to earlier models: Deere used to dispatch field engineers to visit farms and copy farmers' innovations for future models.</p>
434 <p>This points to another key feature for national resiliency: adaptation. Just as every person has unique needs that cannot be fully predicted and accounted for by product designers, so too does every agricultural context. Every plot of land has its own biodynamics, from soil composition to climate to labor conditions, and farmers have always adapted their tools to suit their needs. Multinational ag-tech companies can profitably target the conditions of the wealthiest farmers, but if you fall too far outside the median use-case, the parameters of your tractor are unlikely to fully suit your needs. That is why farmers are so accustomed to adapting their equipment.</p>
435 <p>To be clear, John Deere's restrictions do not prevent farmers from modifying their tractors -- they merely put those farmers in legal peril. Instead, farmers have turned to <a href="https://www.wideopencountry.com/john-deere-tractor-hack/">black market Ukrainian replacement software</a> for their tractors; no one knows who made this software, it comes with no guarantees, and if it contained malicious or defective code, there would be no one to sue.</p>
436 <p>And John Deere's abuse of TPMs doesn't stop at repairs. Tractors contain sophisticated sensors that can map out soil conditions to a high degree of accuracy, measuring humidity, density and other factors and plotting them on a centimeter-accurate grid. This data is automatically generated by farmers driving tractors around their own fields, but the data does not go to the farmer. Rather, <a href="https://www.motherjones.com/environment/2016/11/monsanto-farming-precision-agriculture/">John Deere harvests the data that farmers generate while harvesting their crops</a> and builds up detailed pictures of regional soil conditions that the company sells as market intelligence to the financial markets for bets in crop futures.</p>
437 <p>That data is useful to the farmers who generated it: accurate soil data is needed for "precision agriculture," which improves crop yields by matching planting, fertilizing and watering to soil conditions. Farmers <em>can</em> access a small slice of that data, but only through an app that comes bundled with seed from Bayer-Monsanto. Competing seed companies, including domestic seed providers, cannot make comparable offers.</p>
438 <p>Again, this is bad enough under normal conditions, but when supply chains fail, the TPMs that enforce these restrictions prevent local suppliers from filling in the gaps.</p>
439 <p><a name="r2r" id="r2r"></a></p>
440 <a href="#r2r">Right to Repair</a>
441 <p>TPMs don't just interfere with ag-tech repairs: dominant firms in every sector have come to realize that repairs are a doubly lucrative nexus of control. First, companies that control repairs can extract money from their customers by charging high prices to fix their property and by forcing customers to use high-priced manufacturer-approved replacement parts in those repairs; and second, companies can unilaterally declare some consumer equipment to be beyond repair and demand that they pay to replace it.</p>
442 <p>Apple spent lavishly in 2018 on a campaign that stalled 20 state-level Right to Repair bills in the U.S.A., and, in his first shareholder address of 2019, Apple CEO Tim Cook <a href="https://www.vice.com/en_us/article/zmd9a5/tim-cook-to-investors-people-bought-fewer-new-iphones-because-they-repaired-their-old-ones">warned that a major risk to Apple's profitability</a> came from consumers who chose to repair, rather than replace, their old phones, tablets and laptops.</p>
443 <p>The Right to Repair is key to economic self-determination at any time, but in times of global or local crisis, when supply chains shatter, repair becomes a necessity. Alas, the sectors most committed to thwarting independent repair are also sectors whose products are most critical to weathering crises.</p>
444 <p>Take the automotive sector: manufacturers in this increasingly concentrated sector have used TPMs to prevent independent repair, from scrambling the diagnostic codes used on cars' internal communications networks to adding "security chips" to engine parts that prevent technicians from using functionally equivalent replacement parts from competing manufacturers.</p>
445 <p>The issue has simmered for a long time: in 2012, voters in the Commonwealth of Massachusetts <a href="https://web.archive.org/web/20120912201016/https://www.sec.state.ma.us/ele/ele12/ballot_questions_12/quest_1.htm">overwhelmingly backed a ballot initiative</a> that safeguarded the rights of drivers to choose their own mechanics, prompting the legislature to enact a right-to-repair law. However, manufacturers responded to this legal constraint by deploying TPMs that allow them to comply with the letter of the 2012 law while still preventing independent repair. The situation is so dire that Massachusetts voters have <a href="https://ballotpedia.org/Massachusetts_Question_1,_%22Right_to_Repair_Law%22_Vehicle_Data_Access_Requirement_Initiative_(2020)">put <em>another</em> ballot initiative</a> on this year's ballot, which would force automotive companies to disable TPMs in order to enable independent repair.</p>
446 <p>It's bad enough to lose your car while a pandemic has shut down public transit, but it's not just drivers who need the Right to Repair: it's also hospitals.</p>
447 <p>Medtronic is the world's largest manufacturer of ventilators. For 20 years, it has manufactured the workhorse Puritan Bennett 840 ventilator, but recently the company added a TPM to its ventilator design. The TPM prevents technicians from repairing a ventilator with a broken screen by swapping in a screen from another broken ventilator; this kind of parts-reuse is common, and authorized Medtronic technicians can refurbish a broken ventilator this way because they have the code to unlock the ventilator.</p>
448 <p>There is a thriving secondary market for broken ventilators, but refurbishers who need to transplant a monitor from one ventilator to another must bypass Medtronic's TPM. To do this, they rely on a single Polish technician <a href="https://www.vice.com/en_us/article/3azv9b/why-repair-techs-are-hacking-ventilators-with-diy-dongles-from-poland">who manufacturers a circumvention device</a> and ships it to medical technicians around the world to help them with their repairs.</p>
449 <p>Medtronic strenuously objects to this practice and warns technicians that unauthorized repairs could expose patients to risk -- we assume that the patients whose lives were saved by refurbished ventilators are unimpressed by this argument. In a cruel twist of irony, the anti-repair Medtronic was founded in 1949 as a <a href="https://web.archive.org/web/20130623123108/http://www.medtronic.com/about-us/company-profile/medtronic-history/index.htm">medical equipment repair business</a> that effected unauthorized repairs.</p>
450 <p><a name="cybersecurity" id="cybersecurity"></a></p>
451 <a href="#cybersecurity">Cybersecurity</a>
452 <p>In the security field, it's a truism that "there is no security in obscurity" -- or, as cryptographer Bruce Schneier puts it, "anyone can design a system that they can't think of a way around. That doesn't mean it's secure, it just means it's secure against people stupider than <em>you</em>."</p>
453 <p>Another truism in security is that "security is a process, not a product." You can never know if a system is secure -- all you can know is whether any defects have been discovered in it. <a href="https://heartbleed.com/">Grave defects have been discovered</a> even very mature, widely used systems that have been in use for decades.</p>
454 <p>The corollary of these two rules is that security requires that systems be open to auditing by as many third parties as possible, because the people who designed those systems are blind to their own mistakes, and because each auditor brings their own blind spots to the exercise.</p>
455 <p>But when a system has TPMs, they often interfere with security auditing, and, more importantly, security disclosures. TPMs are widely used in embedded systems to prevent competitors from creating interoperable products -- think of inkjet printers using TPMs to detect and reject third-party ink cartridges -- and when security researchers bypass these to investigate products, their reports can run afoul of DMCA 1201. Revealing a defect in a TPM, after all, can help attackers disable that TPM, and thus constitutes "circumvention" information. Recall that supplying “circumvention devices” to the public is a criminal offense under DMCA 1201.</p>
456 <p>This problem is so pronounced that in 2018, the US Copyright Office <a href="https://tlpc.colorado.edu/section-1201-security-research-exemption/">granted an exemption to DMCA 1201</a> for security researchers.</p>
457 <p>However, that exemption is not broad enough to encompass all security research. A coalition of security researchers is returning to the Copyright Office this rulemaking to explain again why regulators have been wrong to impose restrictions on legitimate research.</p>
458 <p><a name="competition" id="competition"></a></p>
459 <a href="#competition">Competition</a>
460 <p>Firms use TPMs in three socially harmful ways:</p>
461
462 <ol>
463 <li>Controlling customers: From limiting repairs to forcing the purchase of expensive spares and consumables to arbitrarily blocking apps, firms can use TPMs to compel their customers to behave in ways that put corporate interests above the interests of their customers;</li>
464 <li>Controlling critics: DMCA 1201 means that when a security researcher discovers a defect in a product, the manufacturer can exercise a veto over the disclosure of the defect by threatening legal action;</li>
465 <li>Controlling competitors: DMCA 1201 allows firms to unilaterally decide whether a competitor's parts, apps, features and services are available to its customers.</li>
466 </ol>
467 <p>This concluding section delves into three key examples of TPMs' interference with competitive markets.</p>
468
469 <h3>App Stores</h3>
470 <p>In principle, there is nothing wrong with a manufacturer "curating" a collection of software for its products that are tested and certified to be of high quality. However, when devices are designed so that using a rival's app store requires bypassing a TPM, manufacturers can exercise a curator's veto, blocking rival apps on the basis that they compete with the manufacturer's own services.</p>
471 <p>The most familiar example of this is Apple's repeated decision to block rivals on the grounds that they offer alternative payment mechanisms that bypass Apple's own payment system and thus evade paying a commission to Apple. Recent high-profile examples include <a href="https://www.theverge.com/2020/6/18/21296180/apple-hey-email-app-basecamp-rejection-response-controversy-antitrust-regulation">the HEY!</a> email app, and the bestselling <a href="https://slate.com/technology/2020/08/epic-fortnite-apple-app-store-lawsuit-dmca.html">Fortnite app</a>.</p>
472
473 <h3>Streaming media</h3>
474 <p>This plays out in other device categories as well, notably <a href="https://www.eff.org/deeplinks/2020/06/streaming-laying-bare-how-big-isps-big-tech-and-big-media-work-together-against">streaming video</a>: AT&amp;T's HBO Max is deliberately incompatible with leading video-to-TV bridges such as Amazon Fire and Roku TV, who command 70% of the market. The Fire and Roku are often integrated directly into televisions, meaning that HBO Max customers must purchase additional hardware to watch the TV they're already paying for on their own television sets. To make matters worse, HBO has cancelled its HBO Go service, which enabled people who paid for HBO over satellite and cable to watch programming on Roku and Amazon devices .</p>
475
476 <h3>Browsers</h3>
477 <p>TPMs also allow for the formation of cartels that can collude to exclude entire development methodologies from a market and to deliver control over the market to a single company. For example, the W3C's Encrypted Media Extensions (see "<a href="#disability">The Rights of People With Disabilities</a>," above) is a standard for streaming video to web browsers.</p>
478 <p>However, EME is designed so that it does not constitute a complete technical solution: every browser vendor that implements EME must also separately license a proprietary descrambling component called a "content decryption module" (CDM).</p>
479 <p>In practice, only one company makes a licensable CDM: Google, whose "Widevine" technology must be licensed in order to display commercial videos from companies like Netflix, Amazon Prime and other market leaders in a browser.</p>
480 <p>However, <a href="https://www.bloomberg.com/news/articles/2019-05-28/google-s-chrome-becomes-web-gatekeeper-and-rivals-complain">Google will not license this technology to free/open source browsers</a> except for those based on its own Chrome/Chromium browser. In standardizing a TPM for browsers, the W3C -- and Section 1201 of the DMCA -- has delivered gatekeeper status to Google, who now get to decide who may enter the browser market that it dominates; rivals that attempt to implement a CDM without Google’s permission risk prison sentences and large fines.</p>
481 <p><a name="conclusion" id="conclusion"></a></p>
482 <a href="#conclusion">Conclusion</a>
483 <p>The U.S.A. has had 22 years of experience with legal protections for TPMs under Section 1201 in the DMCA. In that time, the U.S. government has repeatedly documented multiple ways in which TPMs interfere with basic human rights and the systems that permit their exercise. The Mexican Supreme Court has now taken up the question of whether Mexico can follow the U.S.'s example and establish a comparable regime in accordance with the rights recognized by the Mexican Constitution and international human rights law. In this document, we provide evidence that TPM regimes are incompatible with this goal.</p>
484 <p>The Mexican Congress -- and the U.S. Congress -- could do much to improve this situation by tying offenses under TPM law to actual acts of copyright violation. As the above has demonstrated, the most grave abuses of TPMs stem from their use to interfere with activities that do not infringe copyright.</p>
485 <p>However, rightsholders already have a remedy for copyright infringements: copyright law. A separate liability regime for TPM circumvention serves no legitimate purpose. Rather, its burden falls squarely on people who want to stay on the right side of the law and find that their important, legitimate activities and expression are put in legal peril.</p>
486
487 </div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/cases/green-v-us-department-justice">Green v. U.S. Department of Justice</a></div></div></div></description>
488 <pubDate>Wed, 09 Sep 2020 13:18:02 +0000</pubDate>
489 <guid isPermaLink="false">103672 at https://www.eff.org</guid>
490 <category domain="https://www.eff.org/taxonomy/term/70">Commentary</category>
491 <category domain="https://www.eff.org/issues/dmca">DMCA</category>
492 <category domain="https://www.eff.org/issues/dmca-rulemaking">DMCA Rulemaking</category>
493 <category domain="https://www.eff.org/issues/drm">DRM</category>
494 <category domain="https://www.eff.org/issues/international">International</category>
495 <category domain="https://www.eff.org/issues/trade-agreements">Trade Agreements and Digital Rights</category>
496 <dc:creator>Cory Doctorow</dc:creator>
497 <enclosure url="https://www.eff.org/files/banner_library/mexico-copyright-1.jpg" alt="" type="image/jpeg" length="46992" />
498 </item>
499 <item>
500 <title>Portland’s Fight Against Face Surveillance</title>
501 <link>https://www.eff.org/deeplinks/2020/09/portlands-fight-against-face-surveillance</link>
502 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>This Wednesday, the Portland City Council will hear from residents, businesses, and civil society as they consider banning </span><a href="https://www.portlandoregon.gov/auditor/article/765748"><span>government use</span></a><span> of face recognition technology within the city.<br /><br />Over 150 </span><a href="https://act.eff.org/action/about-face/portland-or?page=6"><span>Portland-area</span></a><span> business owners, technologists, workers, and residents have signed our </span><a href="http://aboutfacenow.org"><span>About Face</span></a><span> petition calling for an end to government use of face surveillance. This week, a coalition of local and national civil society organizations led by Electronic Frontier Alliance (<a href="eff.org/fight">EFA</a>) members </span><a href="https://www.pdxprivacy.org/"><span>PDX Privacy</span></a><span> and </span><a href="https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays"><span>Portland's Techno-Activism Third Mondays</span></a><span> delivered that<a href="https://www.eff.org/document/government-use-face-recognition-technology-portland-or"> petition to the council</a>, noting that "even if the technology someday functions flawlessly, automated surveillance and collection of biometric data will still violate our personal privacy and conflict with the City's own privacy principles." </span></p>
503 <p class=" take-action"><a href="https://www.eff.org/aboutface/jointhefight#form">TAKE ACTION</a></p>
504 <p class="take-explainer"><a href="https://www.eff.org/aboutface/jointhefight#form"><span>End Face Surveillance in your community</span></a></p>
505 <p><span>The proposed ban on government use of face surveillance makes critical steps forward in protecting Portland residents. As a result of </span><a href="https://www.eff.org/deeplinks/2013/02/major-privacy-victory-seattle-mayor-orders-police-not-use-surveillance-drones"><span>federal grants</span></a><span> and gifting through the Department of Defense's </span><a href="https://www.fastcompany.com/90513061/eliminating-this-federal-program-would-play-a-major-part-in-demilitarizing-the-police"><span>1033 program</span></a><span>, budgeting systems that once provided some measure of transparency—and an opportunity for accountability—have been circumvented by police departments across the country as they build arsenals of powerful technology. Meanwhile, lawmakers and the public are kept in the dark. Once passed, Portland's ordinance will prohibit city bureaus from purchasing, leasing, or accepting face recognition technology as a donation or gift. It will also prohibit city bureaus from directing non-city entities to acquire or use the technology on the city's behalf. </span></p>
506 <p><span>The ordinance also provides a path toward protections against government use of other kinds of privacy-invasive surveillance technology, beyond face surveillance. Specifically, the ordinance tasks Portland's Bureau of Planning and Sustainability with proposing a framework for the establishment of citywide privacy policies and procedures. These would include a public engagement process focusing on underserved communities, and the development of decision-making structures for managing city data and information acquired through the use of surveillance technology. </span></p>
507 <p><span>The Portland City Council will also consider a second ordinance on face surveillance, which addresses </span><a href="https://www.portlandoregon.gov/auditor/article/765749"><span>private sector</span></a><span> use of the technology. Specifically, it would ban use of face surveillance by private parties in places of public accommodation. The better approach to private sector use is through the requirement of opt-in consent, as is required by Illinois'</span><a href="https://www.eff.org/deeplinks/2019/01/victory-illinois-supreme-court-protects-biometric-privacy"><span> Biometric Information Privacy Act</span></a><span> and Senator Jeff Merkley's (D-OR) proposed </span><a href="https://www.eff.org/deeplinks/2020/08/sen-merkley-leads-biometric-privacy"><span>National Biometric Information Privacy Act.</span></a><span> We made the same point in our June </span><a href="https://www.eff.org/document/eff-letter-boston-city-council-facial-recognition"><span>letter</span></a><span> to the </span><a href="https://www.eff.org/deeplinks/2020/06/victory-boston-bans-government-use-face-surveillance"><span>Boston</span></a><span> City Council about its face recognition ordinance. </span></p>
508 <p><span>On the ban on government use of face surveillance, there is still significant room for improvement as to enforcement. It requires that a violation of the ordinance harm a person before they can initiate the enforcement process. But to protect the public before they have been injured by a technology that threatens their privacy, safety, and fundamental freedoms, a person must be able to initiate an enforcement action before they experience harm. In the words of Brian Hofer, Chair of the Privacy Advisory Commission in Oakland, California—which are included in the package being considered by Portland Commissioners this week—the "current enforcement mechanism will likely not provide much protection because A) we typically only learn of harm from surveillance long after the fact, and B) this technology works at a distance, in secret, and thus an injured party will almost never discover that they were subject to its use." Hofer suggests that the language be amended to more closely mirror that of </span><a href="https://www.eff.org/deeplinks/2019/07/victory-oakland-city-council-votes-ban-government-use-face-surveillance"><span>Oakland's own ban</span></a><span>, which does not require an individual to prove that they have been personally harmed. Oakland's ordinance also provides for damages to be awarded to those who are harmed, another provision that would improve Portland's bill. <br /></span></p>
509 <p class=" take-action"><a href="https://www.eff.org/aboutface/jointhefight#form">TAKE ACTION</a></p>
510 <p class="take-explainer"><a href="https://www.eff.org/aboutface/jointhefight#form"><span>End Face Surveillance in your community</span></a></p>
511 <p><span>Moreover, the enforcement provisions of many of the </span><a href="https://www.eff.org/aboutface/bans-bills-and-moratoria"><span>existing local bans</span></a><span> on face surveillance include an essential provision notably missing from Portland's ban: the city must pay the attorney fees of a prevailing plaintiff. Commonly referred to as 'fee-shifting,' this rule helps level the playing field between a resourced government and an individual looking to hold it accountable by eliminating the financial barrier to finding legal assistance. </span></p>
512 <p><span>The work of Portland lawmakers and the city's Bureau of Planning and Sustainability to protect city residents from the harms of face surveillance is commendable. Commissioners must also work to ensure that the city's ban provides appropriate protections and accessible enforcement mechanisms. From San Francisco to Boston; Portland to Durham; communities are coming together to protect themselves from the harms of the ever-expanding panopticon of unwarranted government surveillance. Through efforts like our</span><a href="https://www.eff.org/aboutface"><span> About Face</span></a><span> campaign, and alongside our</span><a href="https://www.eff.org/electronic-frontier-alliance/allies"><span> EFA allies</span></a><span>, we will continue the push for stronger, enforceable protections. If your community-based group or hackerspace would like to join us in ending government use of face surveillance in your community, please</span><a href="http://eff.org/aboutface/jointhefight"><span> add your name</span></a><span> to the About Face petition and encourage your group to consider</span><a href="https://supporters.eff.org/join-efa"><span> joining the Alliance</span></a><span>.</span></p>
513
514 </div></div></div></description>
515 <pubDate>Wed, 09 Sep 2020 00:56:24 +0000</pubDate>
516 <guid isPermaLink="false">103696 at https://www.eff.org</guid>
517 <category domain="https://www.eff.org/issues/street-level-surveillance">Street-Level Surveillance</category>
518 <category domain="https://www.eff.org/issues/face-surveillance">Face Surveillance</category>
519 <category domain="https://www.eff.org/fight">Electronic Frontier Alliance</category>
520 <dc:creator>Nathan Sheard</dc:creator>
521 <enclosure url="https://www.eff.org/files/banner_library/face-recognition-banner_0_0.jpg" alt="This image shows a person&#039;s face with layers of pixelation throughout. " type="image/jpeg" length="182336" />
522 </item>
523 <item>
524 <title>Exposure Notification Technology is Ready for Its Closeup</title>
525 <link>https://www.eff.org/deeplinks/2020/09/exposure-notification-technology-ready-its-closeup</link>
526 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Since this COVID-19 crisis began people have looked to technology to assist in contact tracing and notification. Technology will never be a silver bullet to solve a deeply human crisis, even if it</span><a href="https://www.technologyreview.com/2020/06/05/1002775/covid-apps-effective-at-less-than-60-percent-download/"><span> might assist</span></a><span>. No app will work absent widespread testing with human follow up. Smartphones are not in the hands of everyone, so app-based <span>COVID-19</span> assistance can reinforce or exacerbate existing social inequalities. </span></p>
527 <p><a href="https://www.eff.org/deeplinks/2020/05/governments-shouldnt-use-centralized-proximity-tracking-technology"><span>De-centralized</span></a><span> Bluetooth proximity tracking is the most promising approach so far to automated COVID-19 exposure notification. Most prominently, back in April, Apple and Google unveiled a </span><a href="https://www.eff.org/deeplinks/2020/04/apple-and-googles-covid-19-exposure-notification-api-questions-and-answers"><span>Bluetooth exposure notification API</span></a><span> for detecting whether you were in proximity to someone with <span>COVID-19</span>, and sending you a notice. </span></p>
528 <p><span>Over the last month, we have seen a number of contact tracing and exposure notification apps released, including several from public health authorities using the Google-Apple Exposure Notification (GAEN) Bluetooth proximity technology. These include </span><a href="https://ndresponse.gov/covid-19-resources/care19"><span>North Dakota Care19</span></a><span>, </span><a href="https://covid19.wyo.gov/care19-app"><span>Wyoming Care19 Alert</span></a><span>, </span><a href="https://www.guidesafe.org/"><span>Alabama Guidesafe</span></a><span>, and </span><a href="https://nvhealthresponse.nv.gov/covidtrace/index.html"><span>Nevada COVID Trace</span></a><span>. Some, like Canada’s </span><a href="https://www.canada.ca/en/public-health/services/diseases/coronavirus-disease-covid-19/covid-alert.html"><span>Covid Alert</span></a><span> and </span><a href="https://www.vdh.virginia.gov/covidwise/"><span>Virginia Covidwise</span></a><span>, have gotten </span><a href="https://www.washingtonpost.com/technology/2020/08/17/coronavirus-exposure-notification-app/"><span>good</span></a> <a href="https://www.michaelgeist.ca/2020/08/why-i-installed-the-covid-alert-app/"><span>reviews</span></a><span> for privacy and security.</span></p>
529 <p><span>Other new apps are more concerning. Albion College </span><a href="https://www.albion.edu/news-and-events/recent-news/news-archive/14910-albion-college-partners-with-testing-centers-of-america-to-provide-robust-covid-19-protocol-for-students-faculty-staff"><span>required</span></a><span> students to download and install a private party tracking app called Aura, which uses GPS location data and had </span><a href="https://techcrunch.com/2020/08/19/coronavirus-albion-security-flaws-app/"><span>security flaws</span></a><span>. </span><a href="https://citizen.com/"><span>Citizen</span></a><span>, a very popular safety alert app, has added a Bluetooth-based </span><a href="https://citizen.com/safepass"><span>SafePath</span></a><span> technology. Since Citizen itself uses GPS, this raises the risk of connecting the location data to the <span>COVID-19</span> data. To mitigate this concern on iOS, one has to use an add-on app, </span><a href="https://apps.apple.com/us/app/citizen-safetrace/id1519364877"><span>SafeTrace</span></a><span>, which will separate the GPS used by Citizen and the bluetooth data from SafeTrace, but the technology is integrated in Android. </span></p>
530 <p><span>Ultimately, many people may end up participating without choosing an app. Last week, Apple </span><a href="https://techcrunch.com/2020/09/01/apple-launches-system-level-covid-19-exposure-notification-express-with-ios-13-7-google-to-follow-later-this-month/"><span>rolled out</span></a><span> iOS 13.7 which allows users to choose to participate in the Apple-Google Bluetooth exposure notification system without an app, via Exposure Notifications Express (ESE). Google will be implementing a similar technology in Android 6.0 later this month, creating an auto-generated app for the local public health authority. Independent apps will still be allowed to use the GAEN system, but the easy path for most smartphone users will be to the Apple-Google ESE system.</span></p>
531 <p><span>Whether considering a new app or the app-less system, we must not lose sight of the </span><a href="https://www.eff.org/deeplinks/2020/04/challenge-proximity-apps-covid-19-contact-tracing"><span>challenges of proximity apps</span></a><span>, and be sure they are safe, secure and respect fundamental human rights. In summary, consent is critical, no one should be </span><a href="https://www.eff.org/deeplinks/2020/07/university-app-mandates-are-wrong-call"><span>forced to use the app</span></a><span>, and users should be able to opt-in and opt-out as needed. Strong privacy and security safeguards are also necessary. Fear of disclosure of your proximity or, worse, your location data, could harm effectiveness (insufficient adoption) and chill expressive activity. All exposure notification technologies need rigorous security testing and data minimization.</span></p>
532
533 </div></div></div></description>
534 <pubDate>Tue, 08 Sep 2020 23:45:29 +0000</pubDate>
535 <guid isPermaLink="false">103694 at https://www.eff.org</guid>
536 <category domain="https://www.eff.org/taxonomy/term/70">Commentary</category>
537 <category domain="https://www.eff.org/issues/covid-19">COVID-19 and Digital Rights</category>
538 <category domain="https://www.eff.org/mobile-devices">Mobile devices</category>
539 <category domain="https://www.eff.org/issues/privacy">Privacy</category>
540 <dc:creator>Kurt Opsahl</dc:creator>
541 <enclosure url="https://www.eff.org/files/banner_library/mobile-surveillance_2.png" alt="" type="image/png" length="16060" />
542 </item>
543 <item>
544 <title>EFF Responds to EU Commission on the Digital Services Act: Put Users Back in Control</title>
545 <link>https://www.eff.org/deeplinks/2020/09/eff-responds-eu-commission-digital-services-act-put-users-back-control</link>
546 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>The European Union is currently preparing for a significant overhaul of its core platform regulation, the </span><a href="https://ec.europa.eu/digital-single-market/en/e-commerce-directive"><span>e-Commerce Directive</span></a><span>. Earlier this year the European Commission, the EU’s executive, </span><a href="https://ec.europa.eu/info/publications/communication-shaping-europes-digital-future_en"><span>pledged</span></a><span> to reshape Europe’s digital future and to propose an entire package of new rules, the </span><a href="https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12417-Digital-Services-Act-deepening-the-Internal-Market-and-clarifying-responsibilities-for-digital-services"><span>Digital Services Act</span></a><span> (DSA). The package is supposed to address the legal responsibilities of platforms regarding user content and include measures to keep users safe online. The Commission also announced a new standard for large platforms that act as gatekeepers in an attempt to create a fairer, and more competitive, market for online platforms in the EU. <br /></span></p>
547 <h2><b>Preserve What Works</b></h2>
548 <p><span>While the European Commission has not yet published its proposal for the DSA, the current preparatory phase is an important opportunity to expose the Commission to diverse insights on the complex issues the DSA will cover. Alongside our </span><a href="https://edri.org/"><span>European partners</span></a><span>, we have therefore contributed to the Commission’s consultation that will feed into the assessment of the different regulatory options available. In our response, we remind the Commission of some of the aspects of the e-Commerce Directive that have been crucial for the growth of the online economy, and the protection of fundamental rights in the EU: it is essential to retain the Directive’s approach of </span><a href="https://www.eff.org/deeplinks/2020/07/effs-eu-policy-principles-platform-liability-and-monitoring"><span>limiting platforms’ liability</span></a><span> over user content and banning Member States from imposing obligations to track and monitor users’ content.</span></p>
549 <h2><b>Fix What Is Broken</b></h2>
550 <p><span>But the DSA should not only preserve what was good about the old Directive. It is also a chance to boldly imagine a version of the Internet where users have a right to remain anonymous, enjoy substantial </span><a href="https://www.eff.org/deeplinks/2020/07/our-eu-policy-principles-procedural-justice"><span>procedural rights</span></a><span> in the context of content moderation, and can have more </span><a href="https://www.eff.org/deeplinks/2020/08/our-eu-policy-principles-user-controls"><span>control</span></a><span> over how they interact with content. That should include measures to make the use of algorithms more transparent, but must also allow people to choose for themselves whether they want algorithms to curate their feeds at all. Beyond giving users the rights and options they deserve, it is time to re-think the Internet more fundamentally. That’s why we propose </span><a href="https://www.eff.org/deeplinks/2020/06/our-eu-policy-principles-interoperability"><span>interoperability obligations</span></a><span> for large platforms. Flanked by strong privacy and security safeguards, a European commitment to interoperability could empower users to shape their online environments according to their needs and preferences, will allow people to connect with each other beyond the walled gardens of the largest platforms, and will reinvigorate the digital economy. <br /></span></p>
551 <h2><b>Have Your Say Too</b></h2>
552 <p><span>There is still time to respond to the consultation until 8 September, and we invite you to join us in our call for an open and safe Internet that empowers users. You can submit your comments to the European Commission’s public consultation </span><strong><a href="https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12417-Digital-Services-Act-deepening-the-Internal-Market-and-clarifying-responsibilities-for-digital-services/public-consultation">here</a></strong><span>.</span></p>
553 <p><b>Our main demands regarding interoperability are:</b></p>
554 <ol>
555 <li><span>Platforms with significant market power must offer non-discriminatory possibilities for competing, not-incumbent platforms to interoperate with their key features;</span></li>
556 <li><span>Platforms with significant market power should make it possible for competing third parties to act on users’ behalf. If users want to, they should be able to delegate elements of their online experience to different competent actors;</span></li>
557 <li><span>Interoperability measures must respect key privacy principles such as data minimization, privacy by design, and privacy by default;</span></li>
558 <li><span>If intermediaries do have to suspend interoperability to fix security issues, they should not exploit such situations to break interoperability but rather communicate transparently, resolve the problem, and reinstate interoperability interfaces within a reasonable and clearly defined timeframe.</span></li>
559 </ol>
560 <p><b>Our main demands regarding platform liability are:</b></p>
561 <ol>
562 <li><span>Online intermediaries should not be held liable for user content and should continue to benefit from the comprehensive liability exemptions contained in the e-Commerce Directive;</span></li>
563 <li><span>It should be clarified that actual knowledge of illegality is only obtained by intermediaries if they are presented with a court order;</span></li>
564 <li><span>The Member States of the EU should not be permitted to impose obligations on digital service providers to affirmatively monitor their platforms or networks for illegal content that users post, transmit, or store. The ban on general monitoring obligations should include a ban on mandated automated filter systems.</span></li>
565 <li><span>The Internet is global and takedown orders of global reach are immensely unjust and impair users’ freedom. New rules should make sure that court orders—and particularly injunctions—should not be used to superimpose the laws of one country on every other state in the world.</span></li>
566 </ol>
567 <p><b>Our main demands regarding user controls are:</b></p>
568 <ol>
569 <li><span>Users of social media platforms with significant market power</span> <span>should be empowered to choose content they want to interact with in a simple and user-friendly manner, and should have the option to decide against algorithmically-curated recommendations altogether;</span></li>
570 <li><span>Online platforms should provide meaningful information about the algorithmic tools they use in content moderation and content curation. Users need easily accessible explanations to understand when, for which tasks, and to which extent algorithmic tools are used. Online platforms should also allow </span><span>independent researchers and relevant regulators to audit their algorithmic tools to make sure they are used as intended;</span></li>
571 <li><span>Users should be notified whenever the rules that govern them change, must be asked for their consent and should be informed of the consequences of their choice. They should also be provided with a meaningful explanation of any substantial changes in a language they understand;</span></li>
572 <li><span>The Digital Services Act should affirm users’ informational self-determination and introduce the European right to anonymity online.</span></li>
573 </ol>
574 <p><b>Our main demands for procedural justice are:</b></p>
575 <ol>
576 <li><span>The EU should adopt harmonized rules on reporting mechanisms that ensure that reporting potentially illegal content is easy, and any follow-up actions by the platform is transparent for its users;</span></li>
577 <li><span>Platforms should provide users with a notice when content has been removed that identifies the content removed, the specific rule that it was found to violate, and how the content was detected. It should also offer an easily accessible explanation of the process through which the user can appeal the decision;</span></li>
578 <li><span>If platforms use automated decision making to restrict content, they should flag at which step of the process algorithmic tools were used, explain the logic behind the automated decisions taken, and also explain how users can contest the decision;</span></li>
579 <li><span>The Digital Services Act should promote quick and easy reinstatement of wrongfully removed content or wrongly disabled accounts.</span></li>
580 </ol>
581
582 </div></div></div></description>
583 <pubDate>Fri, 04 Sep 2020 09:55:21 +0000</pubDate>
584 <guid isPermaLink="false">103689 at https://www.eff.org</guid>
585 <category domain="https://www.eff.org/issues/eu-policy">EU Policy</category>
586 <dc:creator>Christoph Schmon</dc:creator>
587 <enclosure url="https://www.eff.org/files/banner_library/interoperable-3.png" alt="An abstract rube-goldberg machine with references to innovation and open culture" type="image/png" length="29018" />
588 </item>
589 <item>
590 <title>Technology Can’t Predict Crime, It Can Only Weaponize Proximity to Policing </title>
591 <link>https://www.eff.org/deeplinks/2020/09/technology-cant-predict-crime-it-can-only-weaponize-proximity-policing</link>
592 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><i><span>Special thanks to Yael Grauer for additional writing and research.</span></i></p>
593 <p><span>In June 2020, Santa Cruz, California became the first city in the United States to ban municipal use of predictive policing, a method of deploying law enforcement resources according to data-driven analytics that supposedly are able to predict perpetrators, victims, or locations of future crimes. Especially interesting is that Santa Cruz was one of the first cities in the country to experiment with the technology when it piloted, and then adopted, a </span><a href="https://www.cityofsantacruz.com/government/city-departments/city-manager/community-relations/city-annual-report/march-2012-newsletter/predictive-policing"><span>predictive policing program</span></a><span> in 2011. That program used historic and current crime data to break down some areas of the city into 500 foot by 500 foot blocks in order to pinpoint locations that were likely to be the scene of future crimes. However, after nine years, the city council voted </span><a href="https://www.santacruzsentinel.com/2020/06/23/santa-cruz-becomes-first-u-s-city-to-approve-ban-on-predictive-policing/"><span>unanimously </span></a><span>to ban it over fears of how it perpetuated racial inequality. </span></p>
594 <p><span>Predictive policing is a self-fulfilling prophecy. If police focus their efforts in one neighborhood and arrest dozens of people there during the span of a week, the data will reflect that area as a hotbed of criminal activity. The system also considers only reported crime, which means that neighborhoods and communities where the police are called more often might see a higher likelihood of having predictive policing technology concentrate resources there. This system is tailor-made to further victimize communities that are already overpoliced—</span><a href="https://www.technologyreview.com/2020/07/17/1005396/predictive-policing-algorithms-racist-dismantled-machine-learning-bias-criminal-justice/"><span>namely</span><span>,</span><span> communities of color</span></a><span>, unhoused individuals, and immigrants</span><span>—</span><span>by using the cloak of scientific legitimacy and the supposed unbiased nature of data. </span></p>
595 <p><span>Santa Cruz’s experiment, and eventual banning of the technology is a lesson to the rest of the country: technology is not a substitute for community engagement and holistic crime reduction measures. The more police departments rely on technology to dictate where to focus efforts and who to be suspicious of, the more harm those departments will cause to vulnerable communities. That’s why police departments should be banned from using supposedly data-informed algorithms to inform which communities, and even which people, should receive the lion’s share of policing and criminalization. </span></p>
596 <h3><b>What Is Predictive Policing?</b></h3>
597 <p><span>The </span><a href="https://www.santacruzsentinel.com/2020/06/23/santa-cruz-becomes-first-u-s-city-to-approve-ban-on-predictive-policing/"><span>Santa Cruz ordinance</span></a><span> banning predictive policing </span><a href="https://www.cityofsantacruz.com/Home/ShowDocument?id=80906"><span>defines the technology</span></a><span> as “</span><span>means software that is used to predict information or trends about crime or criminality in the past or future, including but not limited to the characteristics or profile of any person(s) likely to commit a crime, the identity of any person(s) likely to commit crime, the locations or frequency of crime, or the person(s) impacted by predicted crime.”</span></p>
598 <p><span>Predictive policing analyzes a </span><a href="https://www.rand.org/content/dam/rand/pubs/research_reports/RR200/RR233/RAND_RR233.pdf"><span>massive amount of information</span></a><span> from historical crimes including the time of day, season of the year, weather patterns, types of victims, and types of location in order to infer when and in which locations crime is likely to occur. For instance, if a number of crimes have been committed in alleyways on Thursdays, the algorithm might tell a department they should dispatch officers to alleyways every Thursday. Of course, then this means that police are predisposed to be suspicious of everyone who happens to be in that area at that time. </span></p>
599 <p><span>The technology attempts to function similarly while conducting the less prevalent “person-based” predictive policing. This takes the form of opaque rating systems that assign people a risk value based on a number of data streams including age, suspected gang affiliation, and the number of times a person has been a victim as well as an alleged perpetrator of a crime. The accumulated total of this data could result in someone being placed on a “hot list”, as happened to over </span><a href="https://www.nytimes.com/2017/06/13/upshot/what-an-algorithm-reveals-about-life-on-chicagos-high-risk-list.html"><span>1,000 people</span></a><span> in Chicago who were placed on one such “Strategic Subject List.” As when specific locations are targeted, this technology cannot </span><i><span>actually</span></i><span> predict crime</span><span>—</span><span>and in an attempt to do so, it may expose people to targeted police harassment or surveillance without any </span><i><span>actual</span></i><span> proof that a crime will be committed. </span></p>
600 <p><span>There is a reason why the use of predictive policing continues to expand despite its dubious foundations: it makes money. Many companies have developed tools for data-driven policing; some of the biggest are </span><span>PredPol</span><span>, HunchLab, CivicScape, and Palantir. </span><span>Academic institutions have also developed predictive policing technologies, such as Rutgers University’s </span><span>RTM Diagnostics or Carnegie Mellon University’s CrimeScan, which is used in Pittsburgh. Some departments have built such tools with private companies and academic institutions. For example, in 2010, the Memphis Police Department built its own tool, in partnership with the University of Memphis Department of Criminology and Criminal Justice, using IBM SPSS predictive analytics</span><span>. </span></p>
601 <p><span>As of summer 2020, the technology is used in </span><a href="https://atlasofsurveillance.org/search?utf8=%E2%9C%93&amp;location=&amp;technologies%5B86%5D=on"><span>dozens of cities</span></a><span> across the United States. </span></p>
602 <h3><b>What Problems Does it Pose?</b></h3>
603 <p><span>One of the biggest flaws of predictive policing is the faulty data fed into the system. These algorithms depend on data informing them of where criminal activity has happened to predict where future criminal activity will take place. However, not all crime is recorded—some communities are more likely to report crime than others, some crimes are less likely to be reported than other crimes, and officers have discretion in deciding whether or not to make an arrest. Predictive policing only accounts for crimes that are reported, and concentrates policing resources in those communities, which then makes it more likely that police may uncover other crimes. This all creates a feedback loop that makes predictive policing a self-fulfilling prophecy. As professor Suresh Venkatasubramanian </span><a href="https://www.vice.com/en_us/article/xwbag4/academics-confirm-major-predictive-policing-algorithm-is-fundamentally-flawed"><span>put it</span></a><span>: </span></p>
604 <blockquote><p><span>If you build predictive policing, you are essentially sending police to certain neighborhoods based on what they told you—but that also means you’re not sending police to other neighborhoods because the system didn’t tell you to go there. If you assume that the data collection for your system is generated by police whom you sent to certain neighborhoods, then essentially your model is controlling the next round of data you get.</span></p>
605 </blockquote>
606 <p><span>This feedback loop will impact vulnerable communities, including communities of color, unhoused communities, and immigrants.</span><a href="https://www.technologyreview.com/2020/07/17/1005396/predictive-policing-algorithms-racist-dismantled-machine-learning-bias-criminal-justice/"><span></span></a><span></span></p>
607 <p><span></span><span>Police are already policing minority neighborhoods and arresting people for things that may have gone unnoticed or unreported in less heavily patrolled neighborhoods. When this already skewed data is entered into a predictive algorithm, it will deploy more officers to the communities that are already overpoliced. </span></p>
608 <p><span>A recent </span><a href="https://projects.tampabay.com/projects/2020/investigations/police-pasco-sheriff-targeted/intelligence-led-policing/"><span>deep dive </span></a><span>into the predictive program used by the Pasco County Sheriff's office illustrates the harms that getting stuck in an algorithmic loop can have on people. After one 15-year-old was arrested for stealing bicycles out of a garage, the algorithm continuously dispatched police to harass him and his family. Over the span of five months, police went to his home 21 times. They showed up at his gym and his parent’s place of work. The </span><a href="https://projects.tampabay.com/projects/2020/investigations/police-pasco-sheriff-targeted/intelligence-led-policing/"><span>Tampa Bay Times </span></a><span>revealed that since 2015, the sheriff's office has made more than 12,500 similar preemptive visits on people. </span></p>
609 <p><span></span><span>These visits often resulted in other, unrelated arrests that further victimized families and added to the likelihood that they would be visited and harassed again. In one incident, the mother of a targeted teenager was issued a $2,500 fine when police sent to check in on her child saw chickens in the backyard. In another incident, a father was arrested when police looked through the window of the house and saw a 17-year-old smoking a cigarette. These are the kinds of usually unreported crimes that occur in all neighborhoods, across all economic strata—but which only those marginalized people who live under near constant policing are penalized for. </span></p>
610 <p><span>As </span><a href="https://time.com/4966125/police-departments-algorithms-chicago/"><span>experts</span></a><span> have pointed out, these algorithms often draw from flawed and non-transparent sources such as gang databases, which have been the subject of public scrutiny due to their lack of transparency and </span><a href="https://psmag.com/social-justice/gang-databases-life-sentence-for-black-and-latino-communities"><span>overinclusion of Black and Latinx people</span></a><span>. In Los Angeles, for instance, if police notice a person wearing a </span><a href="https://www.latimes.com/california/story/2020-02-03/california-attorney-general-xavier-becerra-changes-course-on-revamping-the-states-gang-database"><span>sports jersey</span></a><span> or having a brief conversation with someone on the street, it may be enough to include that person in the LAPD’s gang database. Being included in a gang database often means being exposed to more police harassment and surveillance, and also can lead to consequences once in the legal system, such as harsher sentences. Inclusion in a gang database can impact whether a predictive algorithm identifies a person as being a potential threat to society or artificially </span><a href="https://www.theverge.com/2018/4/26/17285058/predictive-policing-predpol-pentagon-ai-racial-bias"><span>projects</span></a><span> a specific crime as gang-related. In July 2020, the California Attorney General </span><a href="https://www.latimes.com/california/story/2020-07-14/california-bars-police-from-using-lapd-records-in-gang-database-as-scandal-widens"><span>barred</span></a><span> police in the state from accessing any of LAPD’s entries into the California gang database after LAPD officers were caught falsifying data. Unaccountable and overly broad gang databases are the type of flawed data flowing from police departments into predictive algorithms, and exactly why predictive policing cannot be trusted. </span></p>
611 <p><span>To test racial disparities in predictive policing, Human Rights Data Analysis Group (HRDAG)</span><a href="https://rss.onlinelibrary.wiley.com/doi/full/10.1111/j.1740-9713.2016.00960.x"> <span>looked at Oakland Police Department’s recorded drug crimes</span></a><span>. It used a big data policing algorithm to determine where it would suggest that police look for future drug crimes. Sure enough, HRDAG found that </span><a href="https://rss.onlinelibrary.wiley.com/doi/pdf/10.1111/j.1740-9713.2016.00960.x"><span>the data-driven model would have focused almost exclusively on low-income communities of color</span></a><span>. But public health data on drug users combined with U.S. Census data show that the distribution of drug users does not correlate with the program’s predictions, demonstrating that the algorithm’s predictions were rooted in bias rather than reality.</span></p>
612 <p><span>All of this is why a</span><a href="https://www.popularmechanics.com/science/math/a32957375/mathematicians-boycott-predictive-policing/"><span> group of academic mathematicians</span></a><span> recently declared a boycott against helping police create predictive policing tools. They argued that their credentials and expertise create a convenient way to smuggle racist ideas about who will commit a crime based on where they live and who they know, into the mainstream through scientific legitimacy. “It is simply too easy,” they write, “to create a 'scientific' veneer for racism.”</span></p>
613 <p><span>In addition, there is a disturbing lack of transparency surrounding many predictive policing tools. In many cases, it’s unclear how the algorithms are designed, what data is being used, and sometimes even what the system claims to predict. Vendors have sought non-disclosure clauses or otherwise shrouded their products in secrecy, citing trade secrets or business confidentiality. When data-driven policing tools are black boxes, it’s difficult to assess the risks of error rates, false positives, limits in programming capabilities, biased data, or even flaws in source code that affect search results. </span></p>
614 <p><span>For local departments, the prohibitive cost of using these predictive technologies can also be a detriment to the maintenance of civil society. In Los Angeles, the LAPD paid</span><a href="https://www.latimes.com/opinion/story/2020-07-27/lapd-big-data-policing-palantir"><span> $20 million</span></a><span> over the course of nine years to use Palantir’s predictive technology alone. That’s only one of many tools used by the LAPD in an attempt to predict the future. </span></p>
615 <p><span>Finally, predictive policing raises constitutional concerns. Simply living or spending time in a neighborhood or with certain people may draw suspicion from police or cause them to treat people as potential perpetrators. </span><span>As legal scholar </span><a href="http://law.emory.edu/elj/content/volume-62/issue-2/articles/predicting-policing-and-reasonable-suspicion.html"><span>Andrew Guthrie Furgeson</span></a><span> has written, there is tension between predictive policing and legal requirements that police possess reasonable suspicion to make a stop. Moreover, predictive policing systems sometimes utilize information from </span><a href="https://journals.sagepub.com/doi/full/10.1177/2056305118768296"><span>social media</span></a><span> to assess whether a person might be likely to engage in crime, which also raises free speech issues.<br /></span><br /><span>Technology cannot predict crime, it can only weaponize a person’s proximity to police action. An individual should not have their presumption of innocence eroded because a casual acquaintance, family member, or neighbor commits a crime. This just opens up members of already vulnerable populations to more police harassment, erodes trust between public safety measures and the community, and ultimately creates more danger. This has already happened in Chicago, where the police </span><a href="https://onezero.medium.com/chicago-cops-use-social-media-to-track-grieving-families-of-gunshot-victims-e68e5a6dc40c"><span>surveil and monitor the social media of victims of crimes</span></a><span>—</span><span>because being a victim of a crime is one of the many factors Chicago’s predictive algorithm uses to determine if a person is at high risk of committing a crime themselves. </span></p>
616 <h3><b>What Can Be Done About It? <br /></b></h3>
617 <p><span>As the Santa Cruz ban suggests, cities are beginning to wise up to the dangers of predictive policing. As with the growing movement to ban government use of face recognition and other biometric surveillance, we should also seek bans on predictive policing. Across the country, from </span><a href="https://www.eff.org/deeplinks/2019/05/san-francisco-takes-historic-step-forward-fight-privacy"><span>San Francisco</span></a><span> to </span><a href="https://www.eff.org/deeplinks/2020/06/victory-boston-bans-government-use-face-surveillance"><span>Boston</span></a><span>, almost a dozen cities have banned police use of face recognition after recognizing its </span><a href="https://www.theatlantic.com/technology/archive/2020/07/defund-facial-recognition/613771/"><span>disproportionate impact</span></a><span> on people of color, its tendency to </span><a href="https://www.nytimes.com/2020/06/24/technology/facial-recognition-arrest.html"><span>falsely accuse</span></a><span> people of crimes, its erosion of our </span><a href="https://www.perpetuallineup.org/"><span>presumption of innocence</span></a><span>, and its ability to track our movements. </span></p>
618 <p><span>Before predictive policing becomes even more widespread, cities should now take advantage of the opportunity to protect the well-being of their residents by passing ordinances that ban the use of this technology or prevent departments from acquiring it in the first place. If your town has legislation like a Community Control Over Police Surveillance (CCOPS) ordinance, which requires elected officials to approve police purchase and use of surveillance equipment, the acquisition of predictive policing can be blocked while attempts to ban the technology are made. </span></p>
619 <p><span>The lessons from the novella and film </span><i><span>Minority Report</span></i><span> still apply, even in the age of big data: people are innocent until proven guilty. People should not be subject to harassment and surveillance because of their proximity to crime. For-profit software companies with secretive proprietary algorithms should not be creating black box crystal balls exempt from public scrutiny and used without constraint by law enforcement. It’s not too late to put the genie of predictive policing back in the bottle, and that is exactly what we should be urging local, state, and federal leaders to do<i>.</i> </span></p>
620
621 </div></div></div></description>
622 <pubDate>Thu, 03 Sep 2020 23:09:31 +0000</pubDate>
623 <guid isPermaLink="false">103687 at https://www.eff.org</guid>
624 <category domain="https://www.eff.org/taxonomy/term/70">Commentary</category>
625 <category domain="https://www.eff.org/issues/privacy">Privacy</category>
626 <dc:creator>Matthew Guariglia</dc:creator>
627 <enclosure url="https://www.eff.org/files/banner_library/police-spying-1.png" alt="" type="image/png" length="7117" />
628 </item>
629 <item>
630 <title>COVID-19 Tracking Technology Will Not Save Us</title>
631 <link>https://www.eff.org/deeplinks/2020/09/covid-19-tracking-technology-will-not-save-us</link>
632 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Technology may be part of the solution to stopping the spread of COVID-19, but </span><a href="https://www.brookings.edu/techstream/inaccurate-and-insecure-why-contact-tracing-apps-could-be-a-disaster/"><span>apps alone</span></a> <a href="https://www.wired.co.uk/article/contact-tracing-apps-coronavirus"><span>will not</span></a> <a href="https://www.aclu.org/news/privacy-technology/tracking-apps-are-unlikely-to-help-stop-covid-19/"><span>save us</span></a><span>. As more states develop COVID exposure notification apps, institutions and the people they serve should remain skeptical and remember the bigger picture. This is still experimental, unproven technology, both in terms of how it works under the hood and how humans will interact with it. And even the best-designed app </span><span>will be </span><a href="https://blog.gds-gov.tech/automated-contact-tracing-is-not-a-coronavirus-panacea-57fb3ce61d98"><span>no substitute</span></a><span> for public health basics like widespread testing and </span><a href="https://www.eff.org/deeplinks/2020/04/covid-19-and-technology-commonly-used-terms"><span>interview-based contact tracing</span></a><span>.</span></p>
633 <p><span>On top of that, any benefits of this technology will be unevenly distributed. Any app-based or smartphone-based solution will systematically miss the groups least likely to </span><a href="https://www.pewresearch.org/internet/fact-sheet/mobile/"><span>have a cellphone</span></a><span> and more at risk of COVID-19 and in need of resources: in the United States, that includes elderly people, people without housing, and those living in rural communities. </span></p>
634 <p><span>Ultimately, exposure notification technology won’t bail out poor planning or replace inadequate public health infrastructure, but it could misdirect resources and instill a false sense of safety.</span></p>
635 <h3><b>Unproven Technology</b></h3>
636 <p><span>Exposure notification apps, most notably those built on top of </span><a href="https://www.eff.org/deeplinks/2020/04/apple-and-googles-covid-19-exposure-notification-api-questions-and-answers"><span>Apple and Google’s Exposure Notification API</span></a><span>, promise to notify a smart phone user if they have been in prolonged close contact—for instance, within 6 feet for at least 15 minutes—with someone who has tested positive for the virus. The apps use smartphones’ Bluetooth functionality (</span><a href="https://www.eff.org/deeplinks/2020/03/governments-havent-shown-location-surveillance-would-help-contain-covid-19"><i><span>not</span></i><span> location data</span></a><span>) to sense how far away other phones are, and store random identifiers </span><a href="https://www.eff.org/deeplinks/2020/05/governments-shouldnt-use-centralized-proximity-tracking-technology"><span>on the user’s device</span></a><span>. <br /></span></p>
637 <p><span>But Bluetooth was not made to assist with contact tracing and other public health efforts, and the differing hardware properties of various phones can make it hard to consistently measure distances accurately.</span></p>
638 <p><span>On top of technical shortcomings, it is also not yet clear how people will interact with the technology itself. How are people likely to react to a phone notification informing them that they were exposed to someone with COVID? Will they ignore it? Will they self-isolate? If they seek testing, will it be available to them? Public trust is fragile. A high rate of false negatives (or a perception thereof) could lead to people relaxing measures like social distancing and masking, while false positives could lead to users ignoring notifications.<br /></span><b></b><b></b></p>
639 <h3><b>Unevenly Distributed Benefits</b></h3>
640 <p><span>Any app that promises to track, trace, or notify COVID cases will disproportionately miss wide swaths of the population. Not everyone has a mobile phone. Even fewer own a smartphone, and even fewer still have an iPhone or Android running the most up-to-date operating system. Some people own multiple phones to use for different purposes, while others might share a phone with a family or household. Smartphones do not equate to individuals, and public health authorities cannot make critical decisions—for example, about where to allocate resources or about who gets tested or vaccinated—based on smartphone app data. <br /></span></p>
641 <p><span>In the U.S., </span><a href="https://www.pewresearch.org/internet/fact-sheet/mobile/"><span>smartphone ownership</span></a><span> is only 80% to begin with. And the communities least likely to have a smartphone in the U.S.—such as elderly people or </span><a href="https://www.calhealthreport.org/2019/01/11/expired-lost-stolen-cell-phones-critical-homeless-people-can-tough-get-keep/"><span>homeless people</span></a><span>—are also the ones at higher risk for COVID-19. For people 65 years or older, for example, the rate of smartphone ownership declines to about 50%. Out-of-date smartphone hardware or software can also make it harder to install and use a COVID tracking app. For Android users in particular, many older phone models stop getting updates at some point, and some phones run versions of Android that simply don’t get updates. <br /></span></p>
642 <p><span>And smartphone penetration data and specs do not tell the whole story, in the U.S. </span><a href="https://www.pewresearch.org/global/2019/02/05/smartphone-ownership-is-growing-rapidly-around-the-world-but-not-always-equally/pg_global-technology-use-2018_2019-02-05_0-01/"><span>or</span></a> <a href="https://www.eff.org/tr/deeplinks/2020/06/germanys-corona-warn-app-frequently-asked-questions"><span>internationally</span></a><span>. Overbroad surveillance hits marginalized communities </span><a href="https://www.techdirt.com/articles/20200615/08384944711/why-using-cellphones-to-trace-pandemic-wont-save-black-lives.shtml"><span>the hardest</span></a><span>, just as COVID-19 has. In addition to potentially directing public health resources away from those who need them most, new data collection systems </span><a href="https://www.justsecurity.org/70451/how-digital-contact-tracing-for-covid-19-could-worsen-inequality/"><span>could exacerbate</span></a><span> existing surveillance and </span><a href="https://www.teenvogue.com/story/mass-surveillance-coronavirus"><span>targeting of marginalized groups</span></a><span>.</span><span><br /></span></p>
643 <h3><b>Technology Will Not Be a Magic Bullet</b></h3>
644 <p><span>Even with these drawbacks, some will still ask, “So what if it’s not perfect? Anything that can help fight COVID-19 is good. Even if the benefit is small, what’s the harm?” But approaching exposure notification apps and other COVID-related tracking technology as a magic bullet risks diverting resources away from more important things like widespread testing, contact tracing, and isolation support. The presence of potentially helpful technology does not change the need for these fundamentals.</span></p>
645 <p><span>Relying on unproven, experimental technology can also lead to a false sense of safety, leading to a moral hazard for institutions </span><a href="https://www.politico.com/news/2020/08/19/contact-tracing-apps-have-been-a-bust-states-bet-college-kids-can-change-that-398701"><span>like universities</span></a><span> that have big incentives to reopen: even if they do not have, for example, enough contact tracers to reopen, they might move ahead anyway and rely on an app to make up for it. </span></p>
646 <p><span>If and when public health officials conclude that spread of COVID-19 is low enough to resume normal activities, robust interview-based contact tracing is in place, and testing is available with prompt results, exposure notification apps may have a role to play. Until then, relying on this untested technology as a fundamental pillar of public health response would be a mistake.</span></p>
647
648 </div></div></div></description>
649 <pubDate>Thu, 03 Sep 2020 21:59:11 +0000</pubDate>
650 <guid isPermaLink="false">103685 at https://www.eff.org</guid>
651 <category domain="https://www.eff.org/issues/covid-19">COVID-19 and Digital Rights</category>
652 <dc:creator>Gennie Gebhart</dc:creator>
653 <enclosure url="https://www.eff.org/files/banner_library/covid-breath-banner-2.jpg" alt="Two people walking with mobile devices, broadcasting a signal" type="image/jpeg" length="548554" />
654 </item>
655 <item>
656 <title>Pass the Payment Choice Act</title>
657 <link>https://www.eff.org/deeplinks/2020/09/pass-payment-choice-act</link>
658 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>A growing number of retail businesses are <a href="https://www.nytimes.com/2020/07/06/business/cashless-transactions.html" rel="noreferrer">refusing</a> to let their customers pay in cash. This is bad for privacy. Higher-tech payment methods, like credit cards and online payment systems, often create an indelible record of what we bought, and at what time and place. How can you stop <a href="https://www.washingtonpost.com/national-security/capital-one-data-breach-compromises-tens-of-millions-of-credit-card-applications-fbi-says/2019/07/29/72114cc2-b243-11e9-8f6c-7828e68cb15f_story.html" rel="noreferrer">data thieves</a>, <a href="https://www.vice.com/en_us/article/ne53b8/data-brokers-purchase-history-health" rel="noreferrer">data brokers</a>, and <a href="https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ssmanual2009.pdf" rel="noreferrer">police</a> from snooping on your purchase history? Pay in cash.</p><p>Stores with “cash not accepted” policies are also unfair to the millions of Americans who are <a href="https://www.fdic.gov/householdsurvey/#:~:text=Estimates%20from%20the%202017%20survey,represents%20approximately%208.4%20million%20households." rel="noreferrer">unbanked or underbanked</a>, and thus lack the ability to pay without cash. This cohort disproportionately includes people of color and people with lower incomes. Stores that require high-tech payment methods discriminate against people without access to that tech.</p><p>So EFF supports the Payment Choice Act (<a href="https://www.congress.gov/bill/116th-congress/senate-bill/4145/text" rel="noreferrer">S. 4145</a>, <a href="https://www.congress.gov/bill/116th-congress/house-bill/2650/text" rel="noreferrer">H.R. 2650</a>), a federal bill sponsored by Senators Kevin Cramer and Robert Menendez and Representative Donald Payne. It would require retail stores to accept cash from in-person customers. The bill ensures effective enforcement with a <a href="https://www.eff.org/deeplinks/2019/01/you-should-have-right-sue-companies-violate-your-privacyhttps:/www.eff.org/deeplinks/2019/01/you-should-have-right-sue-companies-violate-your-privacy">private right of action</a>.</p><p>We proudly signed a <a href="https://www.eff.org/document/2020-09-01-coalition-support-letter-re-payment-choice-act">coalition letter</a> in support of the Payment Choice Act. This effort, organized by Consumer Federation of American and Consumer Action, is joined by 51 consumer, privacy, and civil rights advocacy organizations. The letter explains:</p><blockquote><p>Unbanked consumers have little access to noncash forms of payment. Without a bank account, they are unable to obtain credit or debit cards or to use other noncash payment methods, with the possible exception of prepaid cards. Furthermore, when consumers are forced to pay for goods and services in cashless transactions, they (as well as the businesses where they shop) are also often forced to incur added expenses in the form of network and transaction fees.</p><p>Furthermore, noncash transactions generate vast amounts of data, recording the time, date, location, amount, and subject of each consumer’s purchase. Those data are available to digital marketers and advertisers who are engaged in developing and refining increasingly sophisticated techniques to identify and target potential customers. Paying with cash provides consumers with significantly more privacy than do electronic forms of payment.</p></blockquote><p>While some have expressed concerns about accepting cash in the midst of the pandemic, others can only pay in cash, and we cannot allow our current crisis to solidify discrimination permanently. Congress should protect cash payment.</p>
659
660 </div></div></div></description>
661 <pubDate>Thu, 03 Sep 2020 21:57:30 +0000</pubDate>
662 <guid isPermaLink="false">103684 at https://www.eff.org</guid>
663 <category domain="https://www.eff.org/issues/privacy">Privacy</category>
664 <dc:creator>Adam Schwartz</dc:creator>
665 </item>
666 <item>
667 <title>EFF Pilots an Audio Version of EFFector</title>
668 <link>https://www.eff.org/deeplinks/2020/09/eff-pilots-audio-version-effector</link>
669 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Today, we are launching an audio version of our monthly-ish newsletter EFFector to give you a new way to learn about the latest in online freedom, and offer greater accessibility to anyone who is visually impaired or would just like to listen!</p>
670 <p class="take-action"><a href="https://www.youtube.com/watch?v=05RXrsKlR1M">Listen Now!</a></p>
671 <p class="take-action take-explainer"><span>Surveillance Shouldn’t Be a Prerequisite for an Education - EFFector 32.25 </span></p>
672 <p>Since 1990 the Electronic Frontier Foundation has published EFFector to help keep readers up to date on digital rights issues. The intersection of technology, civil liberties, human rights, and the law can be complicated, so EFFector is a great way to stay on top of things. The newsletter is jam-packed with links to updates, announcements, blog posts, and other stories to help keep readers up to date on the movement to protect online privacy and free expression.</p>
673 <p>The audio version of EFFector is a reading of our newsletter, made to bring EFF issues to more people in a new way. Be sure to listen on our <a href="https://www.youtube.com/user/EFForg/videos">YouTube channel</a> just a few days after we send out the newsletter. </p>
674 <p>Keep in mind that EFFector is just a summary—if you like the stories you hear or read in EFFector, <a href="https://www.eff.org/effector/32/25">check out the full issue</a>, along with its links to full Deeplinks blog, press releases, and news stories. Just click any of the links in the newsletter to read all of the full stories. Don't forget—<a href="https://www.eff.org/effector/">you can always subscribe to receive EFFector</a> by email or listen on EFF's <a href="https://www.youtube.com/user/EFForg/videos">YouTube channel</a> and at <a href="https://archive.org/details/effector-32.25">the Internet Archive</a>.</p>
675 <p>Thank you to the supporters around the world who make our work possible! If you're not a member yet, <a href="https://eff.org/effect">join EFF today</a> to help us fight for a brighter digital future.</p>
676
677 </div></div></div></description>
678 <pubDate>Thu, 03 Sep 2020 19:44:18 +0000</pubDate>
679 <guid isPermaLink="false">103675 at https://www.eff.org</guid>
680 <category domain="https://www.eff.org/taxonomy/term/68">Announcement</category>
681 <dc:creator>Christian Romero</dc:creator>
682 <enclosure url="https://www.eff.org/files/banner_library/iu.jpeg" alt="" type="image/jpeg" length="107657" />
683 </item>
684 <item>
685 <title>Cryptographer and Entrepreneur Jon Callas Joins EFF as Technology Projects Director</title>
686 <link>https://www.eff.org/deeplinks/2020/09/cryptographer-and-entrepreneur-jon-callas-joins-eff-technology-projects-director</link>
687 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Some of the most important work we do at EFF is <a href="https://www.eff.org/pages/tools">build technologies</a> to protect users’ privacy and security, and give developers tools to make the entire Internet ecosystem more safe and secure. Every day, EFF’s talented and dedicated computer scientists and engineers are creating and making improvements to our free, open source extensions, add-ons, and software to solve the problems of <a href="https://privacybadger.org/">creepy tracking</a> and unreliable <a href="https://www.eff.org/https-everywhere">encryption</a> on the web.<br /><br />Joining EFF this week to direct and shepherd these technology projects is internationally-recognized cybersecurity and encryption expert <a href="https://www.helpnetsecurity.com/2020/02/19/jon-callas-interview/">Jon Callas</a>. He will be working with our technologists on <a href="https://privacybadger.org/">Privacy Badger</a>, a browser add-on that stops advertisers and other third-party trackers from secretly tracking users’ web browsing, and <a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a>, a Firefox, Chrome, and Opera extension that encrypts user communications with major websites, to name of few of EFF’s tech tools.<br /><br />Callas will also bring his considerable crypto and security chops to our policy efforts around encryption and securing the web. In the last two decades he has designed and built core cryptographic and concurrent programming systems that are in use by hundreds of millions of people.<br /><br />As an entrepreneur, Callas has been at the center of key security and privacy advancements in mobile communications and email—the best-known of which is PGP (<a href="http://www.cs.utexas.edu/~byoung/cs361/slides8-pgp.pdf">Pretty Good Privacy</a>), one of the most important encryption standards to date. He was chief scientist at the original PGP Inc., and co-founded PGP Corp. in 2002. Later, Callas was chief technology officer at Internet security company Entrust, and co-founded encrypted communications firm Silent Circle, where he led teams making apps for encrypted chat and phone calls, including secure conference calls and an extra-secure Android phone called Blackphone.<br /><br />Callas also did a couple of stints at Apple, where he helped <a href="https://www.macobserver.com/tmo/article/bad-news-fbi-apple-hires-security-pro-jon-callas">design the encryption system to protect</a> data stored on the Mac, and led a team that hacked new products to expose vulnerabilities before release. Along the way, he has garnered extensive leadership experience, having managed large engineering teams. In 2018, Callas left the corporate world to focus on policy as a technology fellow at the ACLU. In July <a href="https://www.aclu.org/blog/privacy-technology/ghost-user-ploy-break-encryption-wont-work?redirect=blog/latest-ploy-break-encrypted-communications-wont-work">he took aim at fatal flaws</a> in the UK’s proposal to force service providers to give the government “exceptional access” to people’s encrypted communications (in other words, let the government secretly access private, encrypted messages).<br /><br />The proposal’s authors denied the plan would “break” encryption, saying it would merely suppress notifications that the government happened to be accessing communications that people believe are secure, private, and free of interception. As Callas wrote at the ACLU, “a proposal that keeps encryption while breaking confidentiality is a distinction without a difference.”<br /><br />We couldn’t agree more. EFF has fought since its founding 30 years ago to keep the government from breaking, or forcing others to break, encryption, and for people’s right to private and secure communications. We’re proud to have such a talented and passionate advocate for these principles on our team. Welcome, Jon!</p>
688 <p> </p>
689 <p> </p>
690 <p> </p>
691 <p> </p>
692
693 </div></div></div></description>
694 <pubDate>Thu, 03 Sep 2020 16:20:02 +0000</pubDate>
695 <guid isPermaLink="false">103677 at https://www.eff.org</guid>
696 <category domain="https://www.eff.org/issues/privacy">Privacy</category>
697 <category domain="https://www.eff.org/issues/security">Security</category>
698 <category domain="https://www.eff.org/encrypt-the-web">Encrypting the Web</category>
699 <dc:creator>Karen Gullo</dc:creator>
700 </item>
701 <item>
702 <title>It’s Past Time for Coinbase to Issue Transparency Reports</title>
703 <link>https://www.eff.org/deeplinks/2020/09/its-past-time-coinbase-issue-transparency-reports</link>
704 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF has become increasingly concerned that payment processors are being asked to turn over information on their customers, without any mechanism for the public to know who is making those requests, or how often. That’s why we are calling on Coinbase—one of the largest cryptocurrency exchanges in the country—to start releasing regular transparency reports that provide insight into how many government requests for information it receives, and how it deals with them. These are difficult decisions with serious consequences, and they should not be made in the dark.</p>
705 <p class="pull-quote">Cryptocurrency exchanges should especially understand the importance of the privacy of this information</p>
706 <p>Financial data can be among the most sensitive types of information we produce. How you spend your money can reveal a lot about your daily habits, the causes you care about, who you hang out with, and where you go. Choosing to comply with or reject a government request for this user data—or choosing to shut down an account—can have a huge impact on what types of speech can thrive online. Transparency reports are important tools for accountability for companies that make these important decisions. Cryptocurrency exchanges should especially understand the importance of the privacy of this information, as their users tend to prize both the cash-like anonymity of cryptocurrency, and its inherent <a href="https://www.eff.org/deeplinks/2011/01/bitcoin-step-toward-censorship-resistant">resistance to censorship</a>. For these reasons, cryptocurrency transactions are often sensitive—and more likely to carry with them an expectation of privacy.</p>
707 <p>At least one of Coinbase’s competitors, Kraken, has already recognized the importance of being open on this topic, and <a href="https://twitter.com/krakenfx/status/1214354510077820928/photo/1">publicly released information</a> on global law enforcement requests it receives. Providing this accountability is particularly important when it comes to financial data, as they can often be turned over with a subpoena, a <a href="https://www.fincen.gov/sites/default/files/shared/314afactsheet.pdf">314 (a) request</a>, or a <a href="https://www.eff.org/issues/national-security-letters/">National Security Letter</a>— none of which require review from a judge before being sent to the financial service provider. And the need for cryptocurrency companies such as Coinbase to be open with consumers is only growing, as courts have not sided with consumer privacy when it comes to these requests.</p>
708 <p>As we <a href="https://www.eff.org/deeplinks/2020/07/appeals-court-decision-fails-protect-privacy-cryptocurrency-exchange-users">wrote in July</a>, in <em>U.S. v. Gratkowski</em>, the U.S. Court of Appeals for the Fifth Circuit ruled that law enforcement does not need to get a warrant in order to obtain financial transaction data from cryptocurrency exchanges—in this instance, the exchange was Coinbase. In that case, the court relied on the third-party doctrine. This doctrine holds that when people use services such as banks, they lose their reasonable expectation of privacy in the information that they turn over to a third party.</p>
709 <p>The third-party doctrine, and the court’s reliance on it in <em>Gratkowski</em>, is wrong. Storing your data with a third party should not mean that users lose any reasonable expectation of privacy. That makes no sense in a world where everyone navigates through their daily life by relying on services such as email that provide third parties with access to sensitive information.</p>
710 <p>But we do not know how many other cases are out there like <em>Gratkowski</em>, which is why we need more transparency from Coinbase. In providing the public with data on how often law enforcement seek user data and how often services comply, transparency reports show whether companies are living up to their <a href="https://www.eff.org/who-has-your-back-2017"></a> <a href="https://www.eff.org/who-has-your-back-2017">promises to protect</a> user privacy. They also serve an important secondary role by providing details on government surveillance activities.</p>
711 <p>As one of the largest individual companies in the U.S. cryptocurrency market, Coinbase wields tremendous power and influence over this dynamic. It should stand up for its users and also use its market power and influence to show others that transparency reports are an industry standard for all cryptocurrency exchanges. Releasing a transparency report would be one way for Coinbase to display leadership and fill in the gaps in our current knowledge, by simply shining a much-needed light on government requests for information.</p>
712
713 </div></div></div></description>
714 <pubDate>Wed, 02 Sep 2020 19:12:16 +0000</pubDate>
715 <guid isPermaLink="false">103671 at https://www.eff.org</guid>
716 <category domain="https://www.eff.org/issues/blockchain">Blockchain</category>
717 <dc:creator>Hayley Tsukayama</dc:creator>
718 <enclosure url="https://www.eff.org/files/banner_library/block-chain-1.png" alt="Block Chain Innovation" type="image/png" length="38348" />
719 </item>
720 <item>
721 <title>How California’s Assembly Killed The Effort to Expand Broadband for All Californians</title>
722 <link>https://www.eff.org/deeplinks/2020/09/how-californias-assembly-killed-effort-expand-broadband-all-californians</link>
723 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>California is facing a broadband access crisis, as parents are relying more on the Internet every day trying to keep their jobs in the midst of the pandemic while remotely educating their kids. The people of California need help, and the state should move forward now to begin the work needed to finally close the digital divide. Yet with just hours left in this year’s legislative session, the California Assembly refused <span><a href="https://sd33.senate.ca.gov/news/2020-08-31-assembly-leadership-sidelines-broadband-all-bill-hurts-underserved-children-parents">to hear SB 1130, or any deal,</a></span> to expand broadband access—a refusal that came out of the blue, without any explanation to the more than 50 groups that supported this bill. And that kind of blockade is only possible at the direction of California’s Speaker of the Assembly, Speaker Anthony Rendon.</p>
724 <p>A deal to expand broadband would have secured more than 100 million dollars a year to secure access to high-speed Internet for families, first responders, and seniors across the state. Senator Lena Gonzalez built a broad coalition of support for this bill, and had the support of the California Senate and Governor Gavin Newsom.</p>
725 <p>As Sen. Gonzalez <span><a href="https://sd33.senate.ca.gov/news/2020-08-31-assembly-leadership-sidelines-broadband-all-bill-hurts-underserved-children-parents">said in a press release</a></span> on the bill, “During this crisis, children are sitting outside Taco Bell so they can access the Internet to do their homework, but the Assembly chose to kill SB 1130, the only viable solution in the state legislature to help close the digital divide and provide reliable broadband infrastructure for California students, parents, educators, and first responders in our communities.”</p>
726 <p>Yet the Assembly insisted on poison pill amendments that support big industry instead of California residents and families. Despite your hundreds of phone calls and letters of support for this bill, the Assembly failed to do what’s right by the people of California this session.</p>
727 <p>We won’t stop fighting. EFF was proud to co-sponsor this bill with Common Sense Media, and will continue to explore all options to get the state to address this problem in the coming months and next session. Why? Because we, too, believe that every student should have an Internet connection at least as good as the <span><a href="https://twitter.com/CNN/status/1300757572761288705">Taco Bell down the street</a></span>.</p>
728 <h3><strong>Playing Politics With Necessities</strong></h3>
729 <p>SB 1130 was in a strong position heading into the Assembly. The California Senate on June 26, 2020, voted 30-9 to pass the bill, giving its stamp of approval to update the California Advanced Services Fund (CASF) to expand its eligibility to all Californians lacking high-speed access. The bill paved the way for state-financed networks that would have been up to handling Internet traffic for decades to come, and would have been able to deliver future speeds of 100 mbps for download and upload without more state money.</p>
730 <p class="pull-quote">The pandemic has exposed how badly a private-only approach to broadband has failed us all. The Assembly failed us, too.</p>
731 <p>Under the current law, only half of Californians lacking high-speed access are eligible for these funds, which also only requires ISPs to build basic Internet access at just 10 mbps for download and 1 mbps for upload. This is effectively is a waste of tax money today because it does not even enable remote work and remote education. Recognizing this, Senate leadership worked to address concerns with the bill, and struck a nuanced deal to:</p>
732 <ol>
733 <li>Stabilize and expand California’s Internet Infrastructure program, and allow the state to spend over $500 million on broadband infrastructure as quickly as possible with revenues collected over the years</li>
734 <li>Enable local governments to bond finance $1 billion with state support to secure long-term low interest rates to directly support school districts</li>
735 <li>Build broadband networks at a minimum of 100 mbps download, with an emphasis on scalability to ensure the state does not have to finance new construction later</li>
736 <li>Direct support towards low-income neighborhoods that lack broadband access</li>
737 <li>Expand eligibility for state support to ensure every rural Californian receives help</li>
738 </ol>
739 <p>Yet the Assembly proposed amendments that would have weakened the bill and given unfair favors to big ISPs, which oppose letting communities build their own broadband networks. After repeatedly stalling attempts at negotiation, refusing to consider amendments, and using their delays as an excuse to hide behind procedural minutae, the bill was shelved at the direction of Assembly leadership on August 30, prompting our call for them to act before the session ended.</p>
740 <p>Assembly leadership and Speaker Rendon chose the path of inaction, confusion, and division—instead of doing the work critical to serve Californians at school and work who are desperately in need for these critical infrastructure improvements while they seek to shelter in place.</p>
741 <h3><strong>Why We Can’t Let Up</strong></h3>
742 <p>We will keep fighting. We got so close to expanding broadband access to all Californians—and that’s why the resistance was so tenacious. The industry knows their regional monopolies are in jeopardy if someone else builds <span><a href="https://www.eff.org/deeplinks/2019/10/why-fiber-vastly-superior-cable-and-5g">vastly superior</a></span> and cheaper fiber to the home networks. Support is building from local governments across the state of California, which are ready to debt-finance their own fiber if they can receive a small amount of help from the state.</p>
743 <p>Californians see this for what it is: a willful failure of leadership, at the expense of schoolchildren, workers, those in need of telehealth services, and first responders.</p>
744 <p>By not acting now, the Assembly chose to leave millions of Californians behind—especially in rural areas and in communities of color that big ISPs have refused to serve. The pandemic has exposed how badly a private-only approach to broadband has failed us all. The Assembly failed us, too.</p>
745 <p>We’re thankful the Senate, the governor, and supporters like you stand ready to address the critical issue of Californians’ broadband needs. California must not wait to start addressing this problem. <span>EFF will continue exploring all options to close the digital divide, whether that happens in a special California legislative session, or in the next session.</span></p>
746
747 </div></div></div></description>
748 <pubDate>Tue, 01 Sep 2020 22:28:58 +0000</pubDate>
749 <guid isPermaLink="false">103669 at https://www.eff.org</guid>
750 <category domain="https://www.eff.org/issues/innovation">Creativity & Innovation</category>
751 <dc:creator>Ernesto Falcon</dc:creator>
752 <dc:creator>Hayley Tsukayama</dc:creator>
753 <enclosure url="https://www.eff.org/files/banner_library/fcc-forbearance_banner-f_0.png" alt="" type="image/png" length="62913" />
754 </item>
755 <item>
756 <title>Digital Identification Must Be Designed for Privacy and Equity</title>
757 <link>https://www.eff.org/deeplinks/2020/08/digital-identification-must-be-designed-privacy-and-equity-10</link>
758 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>With growing frequency, the digital world calls for verification of our digital identities. Designed poorly, digital identification can invade our privacy and aggravate existing social inequalities. So privacy and equity must be foremost in discussions about how to design digital identification.</span></p>
759 <p><span>Many factors contribute to one's identity; degrees, morals, hobbies, schools, occupations, social status, personal expression, etc. The way these are expressed looks different depending on the context. Sometimes, identity is presented in the form of paper documentation. Other times, it’s an account online. </span></p>
760 <p><span>Ever since people have been creating online accounts for various services and activities, the concept of the online identity has warped and been reshaped. In recent years, many people are discussing the idea of a “<a href="https://www.youtube.com/watch?v=djhYZZ3CkuM" target="_blank" rel="noopener noreferrer">self-sovereign identity</a> (SSI)” that lets you share your identity freely, confirm it digitally, and manage it independently—without the need of an intermediary between you and the world to confirm who you are. Such an identity is asynchronous, decentralized, portable, and most of all, in control of the identity holder. A distinct concept within SSI is “<a href="https://w3c.github.io/did-core/#dfn-decentralized-identifiers" target="_blank" rel="noopener noreferrer">decentralized identifier</a>,” which focuses more on the technical ecosystem where one controls their identity.</span></p>
761 <p><span>There has been a growing push for digital forms of identification. Proponents </span><a href="https://ssimeetup.org/self-sovereign-identity-explained-cios-steve-manning-webinar-44/" target="_blank" rel="noopener noreferrer"><span>assert</span></a><span> it is an easier and more streamlined way of proving one’s identity in different contexts, that it will lead to faster access to government services, and that it will make ID’s more inclusive.</span></p>
762 <p><span>Several technical specifications have been recently published that expand on this idea into real world applications. This post discusses two of them, with a focus on the privacy and equity implications of such concepts, and how they are deployed in practice.</span></p>
763 <h2>The Trust Model</h2>
764 <p>Major specifications that address digital identities place them in the “trust model” framework of the Issuer/Holder/Verifier relationship. This is often displayed in a triangle, and shows the flow of information between parties involving digital identification.</p>
765 <p><strong><span><img src="/files/2020/08/31/1200px-vc_triangle_of_trust.svg_.png" alt="Issuer Holder Verifier Relationship Displayed in a Triangular Fashion with one way relationships between each part" width="1200" height="749" /></span></strong></p>
766 <p><span>The question of who acts as the issuer and the verifier changes with context. For example, a web server (verifier) may ask a visitor (holder) for verification of their identity. In another case, a law enforcement officer (verifier) may ask a motorist (holder) for verification of their driver’s license. As in these two cases, the verifier might be a human or an automated technology. </span></p>
767 <p><span>Issuers are generally institutions that you already have an established relationship with and have issued you some sort of document, like a college degree or a career certification. Recognizing these more authoritative relationships becomes important when discussing digital identities and how much individuals control them.</span></p>
768 <h3><span>Verifiable Credentials</span></h3>
769 <p><span>Now that we’ve established the framework of digital identity systems, let’s talk about what actually passes between issuers, holders, and verifiers: a verified credential. What is a verified credential? Simply put, it is a claim that is trusted between an issuer, a holder, and a verifier.</span></p>
770 <p><span>In November 2019, the World Wide Web Consortium (W3C) published an important standard, the </span><a href="https://www.w3.org/TR/vc-data-model/#introduction" target="_blank" rel="noopener noreferrer"><span>Verified Credential Data Model</span></a><span>. </span></p>
771 <p><span>This was built in the trust model format in a way that satisfies the principles of decentralized identity. The structure of a verified credential consists of three parts: a credential metadata, a claim, and a proof of that claim. The credential metadata can include information such as issue date, context, and type.</span></p>
772 <p><code><span>..</span></code></p>
773 <p><code><span>"id": "http://example.edu/credentials/1872",</span></code></p>
774 <p><code><span>"issuanceDate": "2010-01-01T19:73:24Z",</span></code></p>
775 <p><code><span>"type": ["VerifiableCredential", "AlumniCredential"],</span></code></p>
776 <p><code><span>...</span></code></p>
777 <p><span>The ID section in this VC gives way to a W3C drafted specification: <a href="https://w3c.github.io/did-core/">Decentralized Identifiers</a>. This specification was built with the principles of Decentralized/Sovereign Identity in mind, in the context of portability.</span></p>
778 <p><code><span>...</span></code></p>
779 <p><code><span>"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",</span></code></p>
780 <p><code><span>"alumniOf": {</span></code></p>
781 <p><code><span>...</span></code></p>
782 <p><span>While these specifications provide structure, they do not guarantee <i>integrity</i> of the data.</span></p>
783 <h3><span>Mobile Driver’s Licenses</span></h3>
784 <p><span>The W3C is not the only standards body working to build specifications to define how digital identity is built and exchanged. The International Organization for Standardization has an as-yet unpublished standard that defines how a <a href="https://www.iso.org/standard/69084.html" target="_blank" rel="noopener noreferrer">Mobile Driver’s License</a> (mDL) application would function on a mobile device. This also follows the trust model discussed above, and extends it to how our phones could be used in these exchanges of verifying our driver’s licenses.</span></p>
785 <p><span>This specification isn’t centered on decentralized identity. Rather, it defines mobile portability of one’s government issued ID in a mobile application. It is relevant to discuss as one of the <a href="https://dis-blog.thalesgroup.com/government/2017/07/25/colorado-first-state-launch-digital-drivers-license-live-pilot/" target="_blank" rel="noopener noreferrer">digital identification options different governments have</a> tried. The focus of mobile driver’s licenses gives us a practical way to examine the exchange of data, anti-tampering systems, and data privacy. The specification discusses widely available and agreed-upon standards for dealing with session management, encryption, authentication, and storage.</span></p>
786 <h2><span>“Digital First” Identities Could Lead to Privacy and Equity Last</span></h2>
787 <p><span>These thorough specifications are a significant contribution to the development of digital identification. But the concept of “digital first” raises major concerns around privacy preservation, safety, and their impact on marginalized communities.</span></p>
788 <p><span>Both specifications recommend data minimization, avoiding collection of personally identifiable information (PII), proper auditing, proper consent and choice, and transparency. However, without a comprehensive federal </span><a href="https://www.eff.org/deeplinks/2019/06/effs-recommendations-consumer-data-privacy-laws" target="_blank" rel="noopener noreferrer"><span>data privacy law</span></a><span>, these are just recommendations, not mandates. Our data is not generally protected and we currently suffer from private companies </span><a href="https://www.eff.org/deeplinks/2020/07/dont-believe-proven-liars-absolute-minimum-standard-prudence-merger-scrutiny" target="_blank" rel="noopener noreferrer"><span>constantly mismanaging and unethically exchanging data</span></a><span> about our everyday lives. Every time a digital ID holder uses their ID, there is an opportunity for the ID issuer and the ID verifier to gather personal data about the ID holder. For example, if a holder uses their digital ID to prove their age to buy a six-pack of beer, the verifier might make a record of the holder’s age status. Even though PII wouldn’t be exchanged in the credential itself, the holder may have payment info associated with this time in transaction. This collusion of personal information might be sold to data brokers, seized by police or immigration officials, stolen by data thieves, or misused by employees. This is why, at a minimum, having a “digital first” identity should be a choice by the citizen, and not a mandate by the government. </span></p>
789 <p><span>Some of these privacy hazards might be diminished with “</span><a href="https://www.w3.org/TR/vc-data-model/#zero-knowledge-proofs" target="_blank" rel="noopener noreferrer"><span>Zero-Knowledge Proofs</span></a><span>”, which cryptographically confirm a particular value without disclosing that value or associated information. For example, such a proof might confirm that a holder received a degree from a university, without revealing the holder’s identity or any other personal data contained in that degree. The W3C and mDL specifications promote such anonymous methodologies. But these specs are dependent on all parties voluntarily doing their part to complete the Trust Model.</span></p>
790 <p><span>That will not always be the case. For example, when a holder presents their digital identification to a law enforcement official, that official will probably use that identification to gather as much information as they can about the holder. This creates special risks for members of our society, including immigrants and people of color, who already are disparately vulnerable to abuse by police, border patrol, or other federal agents. Moreover, mandated </span><a href="https://www.eff.org/issues/national-ids" target="_blank" rel="noopener noreferrer"><span>digitized IDs </span></a><span>are a troubling step towards a </span><a href="https://www.eff.org/issues/national-ids/india" target="_blank" rel="noopener noreferrer"><span>national ID database</span></a><span>, which could centralize in one place all information about how a holder uses their ID. </span></p>
791 <p><span>One could argue that these specifications do not themselves create national ID databases. But in practice, private </span><a href="https://www.axios.com/coronavirus-health-screening-digital-id-48f5ee5b-05c4-4b5e-8fda-4d2f59b946b0.html" target="_blank" rel="noopener noreferrer"><span>digital ID companies that utilized biometric technology</span></a><span> to confirm people’s identities are very active in these conversations of actual implementation.The W3C’s Verified Credentials recognize the privacy concern of </span><a href="https://www.w3.org/TR/vc-data-model/#long-lived-identifier-based-correlation" target="_blank" rel="noopener noreferrer"><span>persistent, long term identifiers</span></a><span> about personal information. </span></p>
792 <p><span>There also are privacy concerns in other applications of verified credentials. In California, Asm. Ian Calderon and Sen. Bob Hertzberg have</span><a href="https://www.eff.org/deeplinks/2020/08/no-blockchain-credentials-covid-19-test-results-entry-public-spaces" target="_blank" rel="noopener noreferrer"><span> proposed a bill</span></a><span> (A.B. 2004) that would purport to verify dynamic and volatile information such as COVID-19 testing results, using a loosely interpreted application of the W3C’s Verified Credentials. We </span><a href="https://www.eff.org/deeplinks/2020/08/california-tell-your-senators-ill-conceived-immunity-passports-wont-help-us" target="_blank" rel="noopener noreferrer"><span>oppose</span></a><span> this bill as a dangerous step towards </span><a href="https://www.eff.org/deeplinks/2020/05/immunity-passports-are-threat-our-privacy-and-information-security" target="_blank" rel="noopener noreferrer"><span>immunity passports</span></a><span>, second-class citizenship based on health status, and national digital identification. In this case, it’s not the specification itself that is the concern, but rather the use of it to justify creating a document that could cause new privacy hazards and exacerbate current inequality in society. Presenting whether or not you have been infected is a </span><a href="https://www.eff.org/deeplinks/2020/05/immunity-passports-are-threat-our-privacy-and-information-security" target="_blank" rel="noopener noreferrer"><span>matter of privacy within itself</span></a><span>, no matter how well thought out and secure the application used to platform it is.</span></p>
793 <p><span>When thinking about verified credentials, solutions to make personal information more portable and easy to share should not ignore the current state of data protection, or the lack of access to technology in our society. The principles of decentralizing one's information into their own ownership are completely related to, and contextualized by, privilege. Any application a government, company, or individual creates regarding identity, will always be political. Therefore, we must use technology in this context to reduce harm, not escalate it. </span></p>
794 <p><span>Some potential uses of digital identification might create fewer privacy risks while helping people at society’s margins. There are ways that digital identifiers can respect privacy recommendations, such as in cases where people can use a one-time, static, digital document for confirmation, which is then destroyed after use. This can reduce situations in which people are asked for an </span><i><span>excessive</span></i><span> amount of documentation just to access a service. This can especially benefit people marginalized by power structures in society. For example, some rental car companies require customers who want to use cash (who are disproportionately unbanked or underbanked people) to bring in their utility statements. A one-time digital identifier of home address might facilitate this transaction. Likewise, government officials sometimes require a child’s immunization records to access family benefits like the WIC (Women, infants, and Children) nutrition program. A one-time digital identifier of immunization status might make this easier. These are examples of how verified credentials could improve privacy and address inequality, without culminating in a “true” decentralized identity.</span></p>
795 <p><span>The privacy recommendations in the W3C and mDL specs must be treated as a floor and not a ceiling. We implore the digital identity community and technologists to consider the risks to privacy and social equity. It can be exciting for a privileged person to be able to freely carry one’s information in a way that breaks down bureaucracy and streamline their life. But if such technology becomes a mandate, it could become a nightmare for many others.</span></p>
796 <p><span></span></p>
797
798 </div></div></div></description>
799 <pubDate>Mon, 31 Aug 2020 22:39:07 +0000</pubDate>
800 <guid isPermaLink="false">103659 at https://www.eff.org</guid>
801 <category domain="https://www.eff.org/taxonomy/term/70">Commentary</category>
802 <category domain="https://www.eff.org/taxonomy/term/77">Technical Analysis</category>
803 <category domain="https://www.eff.org/issues/national-ids">Mandatory National IDs and Biometric Databases</category>
804 <dc:creator>Alexis Hancock</dc:creator>
805 <enclosure url="https://www.eff.org/files/banner_library/mobile-privacy.png" alt="" type="image/png" length="23559" />
806 </item>
807 <item>
808 <title>New Federal Court Rulings Find Geofence Warrants Unconstitutional</title>
809 <link>https://www.eff.org/deeplinks/2020/08/new-federal-court-rulings-find-geofence-warrants-unconstitutional-0</link>
810 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Two federal magistrate judges in three </span><a href="https://www.eff.org/document/re-search-information-stored-premises-controlled-google-no-20-m-297-de-4-nd-ill-july-8-2020"><span>separate</span></a> <a href="https://www.eff.org/document/re-search-info-stored-premises-controlled-google-no-20-m-392-2020-us-dist-lexis-152712-nd"><span>opinions</span></a><span> have ruled that a geofence warrant violates the Fourth Amendment’s probable cause and particularity requirements. Two of these rulings, from the federal district court in Chicago, were recently unsealed and provide a detailed constitutional analysis that closely aligns with arguments </span><a href="https://www.eff.org/deeplinks/2019/04/googles-sensorvault-can-tell-police-where-youve-been"><span>EFF</span></a><span> and </span><a href="https://www.nacdl.org/Content/United-States-v-Chatrie,-No-3-19-cr-130-(E-D-Va-)"><span>others</span></a><span> have been making against geofence warrants for the last couple years.</span></p>
811 <p><span>Geofence warrants, also known as reverse location searches, are a relatively </span><a href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html"><span>new investigative technique</span></a><span> used by law enforcement to try to identify a suspect. Unlike ordinary warrants for electronic records that identify the suspect in advance of the search, geofence warrants essentially work backwards by scooping up the location data from every device that happened to be in a geographic area during a specific period of time in the past. The warrants therefore allow the government to examine the data from individuals wholly unconnected to any criminal activity and use their own discretion to try to pinpoint devices that might be connected to the crime. Earlier this summer, EFF filed an amicus brief in </span><a href="https://www.eff.org/deeplinks/2020/07/eff-files-amicus-brief-arguing-geofence-warrants-violate-fourth-amendment"><i><span>People v. Dawes</span></i></a><span>, a case in San Francisco Superior Court, arguing that a geofence warrant used there violates deep-rooted Fourth Amendment law. </span></p>
812 <p><span>In Chicago, the government applied to a magistrate judge for a geofence warrant as part of an investigation into stolen pharmaceuticals. Warrant applications like these occur before there is a defendant in a case, so they are almost never adversarial (there’s no lawyer representing a defendant’s interest), and we rarely find out about them until well after the fact, which makes these unsealed opinions all the more interesting. </span></p>
813 <p><span>Here, the government submitted an application to compel Google to disclose unique device identifiers and location information for all devices within designated areas during forty-five minute periods on three different dates. The geofenced areas were in a </span><a href="https://www.eff.org/document/re-search-information-stored-premises-controlled-google-no-20-m-297-de-4-nd-ill-july-8-2020"><span>densely populated city</span></a><span> near busy streets with restaurants, commercial establishments, a medical office, and “at least one large residential complex, complete with a swimming pool, workout facilities, and other amenities associated with upscale urban living.” </span></p>
814 <p><span>As we’ve seen with other geofence warrants, the government’s original application proposed a three-step protocol to obtain the information. At the first step, Google would produce detailed and anonymized location data for devices that reported their location within the geofences for three forty-five minute periods. After that, the government would review that information and produce a list of devices for which it desired additional information. Then at the last step, Google would be required to produce information identifying the Google accounts for the requested devices. </span></p>
815 <p><span>On July 8, in the first unsealed </span><a href="https://www.eff.org/document/re-search-information-stored-premises-controlled-google-no-20-m-297-de-4-nd-ill-july-8-2020"><span>opinion</span></a><span>, U.S. Magistrate Judge M. David Weisman rejected the government’s request, finding “two obvious constitutional infirmities.” First, the court determined that the warrant was overbroad. While the court agreed that the government had established probable cause that a single cell phone user within the geofence might have commited a crime, the court held there was no probable cause to believe all the other devices in the area were connected to the crime as well. Importantly, the court rejected an argument we’ve seen the government make in the past that the search warrant was narrowly tailored because it covered only limited areas over short time periods. The court noted: </span></p>
816 <blockquote><p><span>the geographic scope of [the] request in a congested urban area encompassing individuals’ residences, businesses, and healthcare providers is not ‘narrowly tailored’ when the vast majority of cellular telephones likely to be identified in this geofence will have nothing whatsoever to do with the offenses under investigation. </span></p>
817 </blockquote>
818 <p><span>Second, the court determined that the warrant application failed to meet the Fourth Amendment’s particularity requirement. The court emphasized that there was nothing in the three-step protocol stopping the government from obtaining the user information for </span><i><span>every </span></i><span>device within the geofences. </span></p>
819 <p><span>In response to the court’s order, the government submitted an amended application by slightly narrowing the geographic scope of the geofences. A second magistrate judge, Judge Gabriel Fuentes rejected that application in an order that remains under seal. </span></p>
820 <p><span>Then, the government came back to the court yet again. This time, the government proposed eliminating the third step of the protocol. Judge Fuentes, however, was unmoved by the new changes because the government admitted it could just use a separate subpoena to get that detailed user information. In a 42-page </span><a href="https://www.eff.org/document/re-search-info-stored-premises-controlled-google-no-20-m-392-2020-us-dist-lexis-152712-nd"><span>decision</span></a><span> rejecting the government’s application, Judge Fuentes, in large part, echoed Judge Wiesman’s earlier opinion. Notably, the court looked back to the Supreme Court’s decision in </span><a href="https://supreme.justia.com/cases/federal/us/444/85/"><i><span>Ybarra v. Illinois</span></i><span> (1979)</span></a><span>, a case that famously established that a warrant to search a bar and a bartender didn’t give police the power to search every person who happened to be in the bar. The court then rightly noted the similarities between the government’s unconstitutional conduct in </span><i><span>Ybarra </span></i><span>and the geofence warrant. It wrote that, similar to </span><i><span>Ybarra</span></i><span>, the government was seeking “unlimited discretion” to search </span><i><span>all</span></i><span> users’ devices in a given area—including users who merely walked along the sidewalk next to a business or lived in the residences above it—based on nothing more than their proximity to a suspected crime.</span></p>
821 <p><span>These decisions are good news. Judges too often rubber stamp warrant applications. But here, in careful, well-reasoned opinions that reflect what Judge Fuentes described as “[l]ongstanding Fourth Amendment principles of probable cause and particularity,” both judges stood up to protect constitutional rights in the face of government overreach. </span></p>
822 <p><span>Nonetheless, as the judges noted at various points in their opinions, geofence warrants are becoming more and more prevalent. Judge Weisman wrote at the end of his opinion: </span></p>
823 <blockquote><p><span>[t]he government's undisciplined and overuse of this investigative technique in run-of the-mill cases that present no urgency or imminent danger poses concerns to our collective sense of privacy and trust in law enforcement officials. </span></p>
824 </blockquote>
825 <p><span>Indeed, statistics from </span><a href="https://assets.documentcloud.org/documents/6747427/2.pdf"><span>Google</span></a><span> confirm that: “Year over year, Google has observed a 1,500% increase in the number of geofence requests it received in 2018 compared to 2017; and [as of December 2019], the rate [] increased from over 500% from 2018 to 2019.” And </span><a href="https://www.cnet.com/news/geofence-warrants-how-police-can-use-protesters-phones-against-them/"><span>news reports</span></a><span> have revealed that prosecutors have used geofence warrants across the country. The risk of error and abuse with these warrants isn’t abstract. Last year, NBC News </span><a href="https://www.nbcnews.com/news/us-news/google-tracked-his-bike-ride-past-burglarized-home-made-him-n1151761"><span>reported</span></a><span> about an innocent person who got caught up in a geofence warrant.</span></p>
826 <p><span>That is deeply worrying. Indiscriminate searches like geofence warrants both put innocent people in the government’s crosshairs for no good reason and give law enforcement unlimited discretion that can be deployed arbitrarily and invidiously. But the Framers of the Constitution knew all too well about the dangers of overbroad warrants and they enacted the Fourth Amendment to outlaw them.</span></p>
827
828 </div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/cases/carpenter-v-united-states">Carpenter v. United States</a></div></div></div></description>
829 <pubDate>Mon, 31 Aug 2020 18:10:43 +0000</pubDate>
830 <guid isPermaLink="false">103647 at https://www.eff.org</guid>
831 <dc:creator>Jennifer Lynch</dc:creator>
832 <dc:creator>Nathaniel Sobel</dc:creator>
833 <enclosure url="https://www.eff.org/files/banner_library/og-unreliableinformants2_1.png" alt="Locational Privacy" type="image/png" length="114694" />
834 </item>
835 <item>
836 <title>California’s Assembly May Do Nothing to Help on Broadband—Thanks to Big ISPs</title>
837 <link>https://www.eff.org/deeplinks/2020/08/californias-assembly-may-do-nothing-help-broadband-thanks-big-isps</link>
838 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><strong>Update:</strong> Assembly Speaker Anthony Rendon has moved to table any efforts to close the digital divide this year. The pandemic has exposed how vital high-speed broadband is to the daily lives of all Californians. The Legislature must conclude all business by midnight on August 31. Call your Assemblymember TODAY and tell them to put the needs of Californians working and learning amid the pandemic over the interests of big ISPs.</p>
839 <p class="take-action"><a href="https://act.eff.org/action/california-tell-your-assemblymembers-that-all-californians-deserve-21st-century-internet">TAKE ACTION</a></p>
840 <p class="take-action take-explainer">California: Call On Your Assemblymember To Act on Broadband Now</p>
841 <p><em><strong>Original Post: </strong></em>As the final hours of the California legislative session tick down, it appears that the California Assembly may decide to not move forward on <a href="https://www.eff.org/deeplinks/2020/08/californians-sacramento-needs-your-voice-states-broadband-future">S.B. 1130 or any other legislative deal</a> to start addressing the digital divide this year.</p>
842
843 <p>There has been broad support for legislation to close the digital divide: from rural and urban representatives in the California Senate, from small businesses and consumer advocates, and from the governor’s office. But big Internet Service Providers (ISPs) oppose any and all such plans, from boosting local communities’ ability to bond finance fiber, to extending financing for infrastructure to areas that the major ISPs have ignored through a tiny fee that the ISPs already pay. In fact, they have opposed virtually every idea that would challenge their slow, non-broadband Internet monopoly profits just as strongly as every effort to connect the completely unserved. And that opposition from big ISPs appears to have been too much for the California Assembly to ignore.</p>
844 <p class="take-action"><a href="https://act.eff.org/action/california-tell-your-assemblymembers-that-all-californians-deserve-21st-century-internet">TAKE ACTION</a></p>
845 <p class="take-action take-explainer">California: Call On Your AssemblyMember To Act on Broadband Now</p>
846 <p>This is despite all the suffering people are enduring from a lack of universal access to robust Internet connections during the pandemic. Our Assembly appears unwilling to stand up for all the parents who are trying to work through the pandemic, while also educating their kids remotely. Instead, they’re bowing to the very companies that have actively caused that pain through systemically underinvesting in neighborhoods across the state while simultaneously reaping billions in profits from your monthly bills. By pressuring the California Assembly to literally do nothing during the crisis, large national ISP lobbyists are on the verge of winning arguably one of the biggest legislative victories in decades.</p>
847 <p>The people hurting most right now will pay the greatest price. We are regularly seeing photos of children having to do their school work in fast food restaurant parking lots because they can’t get a connection at home. Everyone knows this is a serious problem that warrants a serious response. As former State Senator Kevin De Leon remarked, this generation deserves better. California’s children deserve better.</p>
848 <p></p><div class="caption caption-center"><div class="caption-width-container"><div class="caption-inner"><a href="https://twitter.com/kdeleon/status/1299386969873461248"><img src="/files/2020/08/30/screen_shot_2020-08-30_at_9.25.04_am.png" alt="Two students sit outside a Taco Bell fast food restaurant to gain access to the restaurant's Internet." title="" width="1130" height="1186" /></a><p class="caption-text">From https://twitter.com/kdeleon/status/1299386969873461248</p></div></div></div>
849 <blockquote class="twitter-tweet"><p dir="ltr" lang="en" xml:lang="en">Two students sit outside a Taco Bell to use Wi-Fi so they can 'go to school' online.<br /><br />This is California, home to Silicon Valley...but where the digital divide is as deep as ever. <br /><br />Where 40% of all Latinos don't have internet access. This generation deserves better. <a href="https://t.co/iJPXvcxsLQ">pic.twitter.com/iJPXvcxsLQ</a></p>
850 <p>— Kevin de Leόn (@kdeleon) <a href="https://twitter.com/kdeleon/status/1299386969873461248?ref_src=twsrc%5Etfw">August 28, 2020</a></p></blockquote>
851 <p>There is no question that the major national ISPs have systemically avoided building modern connections to low-income neighborhoods in cities. Their fiber deployment decisions of high-speed access, dating back more than a decade, are now causing active harm to <a href="https://greenlining.org/our-work/technology-equity/">communities of color</a><span>. These decisions force </span>children from their homes to fast food restaurant parking lots to pursue their education—because, of course, those same ISPs happily built fiber infrastructure to those fast food mega-corporations. There is no defensible argument that supports this racially discriminatory digital redlining. Yet the California Assembly, facing this evidence, may opt to do nothing about it.</p>
852 <p>Doing nothing also means choosing to leave millions in rural communities behind. Slow Internet monopolies who make billions selling inferior, obsolete services to rural Californians have denied those communities adequate service for even longer. More than 2 million Californians rely on the now-bankrupt Frontier Communications for access to the Internet. Frontier, which in its filings to the government, revealed that <a href="https://www.eff.org/deeplinks/2020/04/frontiers-bankruptcy-reveals-cynical-choice-deny-profitable-fiber-millions">millions of its customers could have been <strong><em>profitably</em></strong> upgraded to fiber</a>. But, with its slumlord mentality, Frontier opted to pocket those investments for greater profits for as long as possible, until the house of cards collapsed. And it’s not the business executives that profited handsomely from this exploitation that are trapped inside that house. It’s rural Californians.</p>
853 <p>Shame is the only word that can describe the collective inaction of the California Assembly. It is a shame the Assembly is choosing to leave their fellow Californians behind—despite support for forward-thinking broadband plans from the California Senate, and from the Governor of California. It is a shame that the pandemic has not prompted a deeper realization among the Assembly that people need help. And it is a shame they will not recognize that government policy and money are the means to provide that help.</p>
854 <p>We have tried the private-only model for decades now, and we are living with the result today. There is no question: it has not worked. If you are in California and you think our legislature shouldn’t close for the year before taking decisive action on broadband access, call them now. They have the solutions in hand, and both the California Senate and Governor are willing to act. The Assembly just has to be willing to say no to Big ISPs and vote yes on a better future.</p>
855 <p class="take-action"><a href="https://act.eff.org/action/california-tell-your-assemblymembers-that-all-californians-deserve-21st-century-internet">TAKE ACTION</a></p>
856 <p class="take-action take-explainer">California: Call On Your AssemblyMember To Act on Broadband Now</p>
857
858 </div></div></div></description>
859 <pubDate>Sun, 30 Aug 2020 15:45:41 +0000</pubDate>
860 <guid isPermaLink="false">103641 at https://www.eff.org</guid>
861 <category domain="https://www.eff.org/taxonomy/term/73">Legislative Analysis</category>
862 <category domain="https://www.eff.org/issues/competition">Competition</category>
863 <category domain="https://www.eff.org/issues/net-neutrality">Net Neutrality</category>
864 <dc:creator>Ernesto Falcon</dc:creator>
865 <enclosure url="https://www.eff.org/files/banner_library/fcc-forbearance_banner-f_0.png" alt="" type="image/png" length="62913" />
866 </item>
867 <item>
868 <title>One Database to Rule Them All: The Invisible Content Cartel that Undermines the Freedom of Expression Online</title>
869 <link>https://www.eff.org/deeplinks/2020/08/one-database-rule-them-all-invisible-content-cartel-undermines-freedom-1</link>
870 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>Every year, millions of images, videos and posts that allegedly contain terrorist or violent extremist content are removed from social media platforms like YouTube, Facebook, or Twitter. A key force behind these takedowns is the Global Internet Forum to Counter Terrorism (GIFCT), an industry-led initiative that seeks to</span><a href="https://gifct.org/about/"> <span>“prevent terrorists and violent extremists from exploiting digital platforms.”</span></a><span> And unfortunately, GIFCT has the potential to have a </span><a href="https://www.eff.org/wp/caught-net-impact-extremist-speech-regulations-human-rights-content"><span>massive (and disproportionate) negative impact</span></a><span> on the freedom of expression of certain communities. <br /></span></p>
871 <p><span>Social media platforms have long struggled with the problem of extremist or violent content on their platforms. Platforms may have an intrinsic interest in offering their users an online environment free from unpleasant content, which is why most social media platforms’ terms of service contain a variety of speech provisions. During the past decade, however, social media platforms have also come under increasing pressure from governments around the globe to respond to violent and extremist content on their platforms. Spurred by the terrorist attacks in Paris and Brussels in 2015 and 2016, respectively, and guided by the shortsighted belief that censorship is an effective tool against extremism, governments have been turning to content moderation as a means to fix international terrorism. <br /></span></p>
872 <p><a href="https://www.newyorker.com/news/q-and-a/the-underworld-of-online-content-moderation"><span>Commercial content moderation</span></a><span> is the process through which platforms—more specifically, human reviewers or, very often, machines—make decisions about what content can and cannot be on their sites, based on their own Terms of Service, “community standards,” or other rules. </span></p>
873 <p><span>During the coronavirus pandemic, social media companies have been less able to use human content reviewers, and are instead </span><a href="https://www.eff.org/deeplinks/2020/04/automated-moderation-must-be-temporary-transparent-and-easily-appealable"><span></span><span>increasingly relying</span></a><span> on machine learning algorithms to moderate content as well as flag it. Those algorithms, which are really just a set of instructions for doing something, are fed with an initial set of rules and lots of training data in the hopes that they will learn to identify similar content But human speech is a complex social phenomenon and highly context-dependent; inevitably, </span><a href="https://www.eff.org/deeplinks/2019/04/content-moderation-broken-let-us-count-ways"><span>content moderation algorithms make mistakes</span></a><span>. What is worse, because machine-learning algorithms usually operate as black boxes that do not explain how they arrived at a decision, and as companies generally do not share either the basic assumptions underpinning their technology or their training data sets, third parties can do little to prevent those mistakes. </span></p>
874 <p><span>This problem has become more acute with the introduction of hashing databases for tracking and removing extremist content. Hashes are digital "fingerprints" of content that companies use to identify and remove content from their platforms. They are essentially unique, and allow for easy identification of specific content. When an image is identified as “terrorist content,” it is tagged with a hash and entered into a database, allowing any future uploads of the same image to be easily identified.</span></p>
875 <p><span>This is exactly what the GIFCT initiative aims to do: Share a massive database of alleged ‘terrorist’ content, contributed voluntarily by companies, amongst members of its coalition. The database collects ‘hashes’, or unique fingerprints, of alleged ‘terrorist’, or extremist and violent content, rather than the content itself. GIFCT members can then use the database to check in real time whether content that users want to upload matches material in the database. While that sounds like an efficient approach to the challenging task of correctly identifying and taking down terrorist content, it also means that one single database might be used to determine what is permissible speech, and what is taken down—across the entire Internet. </span></p>
876 <p><span>Countless examples have proven that it is very difficult for human reviewers—and impossible for algorithms—to consistently get the nuances of activism, counter-speech, and extremist content itself right. The result is that many instances of legitimate speech are falsely categorized as terrorist content and removed from social media platforms. Due to the proliferation of the GIFCT database, any mistaken classification of a video, picture or post as ‘terrorist’ content echoes across social media platforms, undermining users' right to free expression on several platforms at once. And that, in turn, can have </span><a href="https://www.nytimes.com/2019/10/23/opinion/syria-youtube-content-moderation.html"><span>catastrophic effects on the Internet as a space for memory and documentation</span></a><span>. Blunt content moderation systems can lead to the deletion of vital information not available elsewhere, such as evidence of human rights violations or war crimes. For example, the <a href="https://syrianarchive.org/">Syrian Archive</a>, an NGO dedicated to collecting, sharing and archiving evidence of atrocities committed during the Syrian war </span><a href="https://www.fastcompany.com/40540411/erasing-history-youtubes-deletion-of-syria-war-videos-concerns-human-rights-groups"><span>reports</span></a><span> that hundred of thousand videos of war atrocities are removed by YouTube annually. The Archive </span><a href="https://www.thedispatch.in/lost-memories-war-crimes-evidence-threatened-by-ai-moderation/"><span>estimates</span></a><span> that take down rates for videos documenting Syrian human rights violations is circa 13%, a number that has almost doubled to 20% in the wake of the coronavirus crisis. As noted, many social media platforms, including </span><a href="https://blog.youtube/news-and-events/protecting-our-extended-workforce-and"><span>YouTube</span></a><span>, have been using </span><a href="https://www.eff.org/deeplinks/2020/04/automated-moderation-must-be-temporary-transparent-and-easily-appealable"><span>algorithmic tools</span></a><span> for content moderation more heavily than usual, resulting in </span><a href="https://mashable.com/article/youtube-coronavirus-content-moderation/?europe=true"><span>increased takedowns</span></a><span>. If, or when, YouTube contributes hashes of content that depicts Syrian human rights violations, but has been tagged as ‘terrorist’ content by YouTube’s algorithms to the GIFCT database, that content could be deleted forever across multiple platforms. </span></p>
877 <p><span>The GIFCT </span><span>content cartel</span><span> not only risks losing valuable human rights documentation, but also has a disproportionately negative effect on some communities. Defining ‘terrorism’ is a inherently political undertaking, and rarely stable across time and space. Absent international agreement on what exactly constitutes terrorist, or even violent and extremist, content, companies look at the United Nations’ list of designated terrorist organizations or the US State Department’s list of Foreign Terrorist Organizations. But those lists mainly consist of Islamist organizations, and are largely blind to, for example, right-wing extremist groups. That means that the burden of GIFCT’s misclassifications falls disproportionately on Muslim and Arab communities and highlights the fine line between an effective initiative to tackle the worst content online and sweeping censorship.</span></p>
878 <p><span>Ever since the attacks on two Mosques in Christchurch in March 2019, GIFCT has been more prominent than ever. In response to the shooting, during which 51 people were killed, French President Emmanuel Macron and New Zealand Prime Minister Jacinda Ardern launched the Christchurch Call. That</span> <a href="https://www.diplomatie.gouv.fr/en/french-foreign-policy/digital-diplomacy/news/article/christchurch-call-to-eliminate-terrorist-and-violent-extremist-content-online"><span>initiative</span></a><span>, which aims to eliminate violent and extremist content online, foresees a prominent role for GIFCT. In the wake of this renewed focus on GIFCT, the initiative announced that it would evolve to an independent organization, including a new Independent Advisory Committee (IAC) to represent the voices of civil society, government, and inter-governmental entities. </span></p>
879 <p><span>However, the Operating Board, where real power resides, remains in the hands of industry. And the Independent Advisory Committee is already seriously flawed, as a coalition of civil liberties organizations has</span> <a href="https://cdt.org/wp-content/uploads/2019/02/Civil-Society-Letter-to-European-Parliament-on-Terrorism-Database.pdf"><span>repeatedly</span></a><span> noted. </span></p>
880 <p><span>For example, governments participating in the IAC are likely to leverage their position to influence companies’ content moderation policies and shape definitions of terrorist content that fit their interests, away from the public and eye and therefore lacking accountability. Including governments in the IAC could also undermine the meaningful participation of civil society organizations as many are financially dependent on governments, or might face threats of reprisals for criticism government officials in that forum. As long as civil society is treated as an afterthought, GIFCT will never be an effective multi-stakeholder forum. GIFCT’s flaws and their devastating effects on the freedom of expression, human rights, and the preservation of evidence of war crimes </span><a href="https://www.buzzfeednews.com/article/evanhill/silicon-valley-cant-be-trusted-with-our-history"><span>have been known for years</span></a><span>. Civil societies organizations have tried to help reform the organization, but GIFCT and its new Executive Director have remained unresponsive. Which leads to the final problem with the IAC: leading NGOs are choosing not to participate at all. </span></p>
881 <p><span>Where does this leave GIFCT and the millions of Internet users its policies impact? Not in a good place. Without meaningful civil society representation and involvement, full transparency and effective accountability mechanisms, GIFCT risks becoming yet another industry-led forum that promises multi-stakeholderism but delivers little more than government-sanctioned window-dressing. </span></p>
882
883
884 </div></div></div></description>
885 <pubDate>Thu, 27 Aug 2020 16:43:28 +0000</pubDate>
886 <guid isPermaLink="false">103634 at https://www.eff.org</guid>
887 <category domain="https://www.eff.org/taxonomy/term/70">Commentary</category>
888 <category domain="https://www.eff.org/issues/free-speech">Free Speech</category>
889 <category domain="https://www.eff.org/issues/corporate-speech-controls">Corporate Speech Controls</category>
890 <dc:creator>Svea Windwehr</dc:creator>
891 <dc:creator>Jillian C. York</dc:creator>
892 <enclosure url="https://www.eff.org/files/banner_library/free-speech-cat4_0.jpg" alt="A striped cat opines using a megaphone." type="image/jpeg" length="39270" />
893 </item>
894 <item>
895 <title>Voter Advocacy Orgs Sue Trump Administration for Executive Order Threatening Social Media Censorship</title>
896 <link>https://www.eff.org/press/releases/voter-advocacy-orgs-sue-trump-administration-executive-order-threatening-social-media</link>
897 <description><div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Unconstitutional Ploy Attempts to Coerce Companies to Curate Speech to Favor the President</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco – The Electronic Frontier Foundation (EFF) has joined forces with <a href="https://protectdemocracy.org/">Protect Democracy</a> and <a href="https://www.cooley.com/">Cooley LLP</a> to represent five advocacy organizations suing President Trump and others in his administration for an unconstitutional executive order threatening their ability to receive accurate information free from government censorship. The plaintiffs are <a href="https://www.commoncause.org/">Common Cause</a>, <a href="https://www.freepress.net/">Free Press</a>, <a href="https://maplight.org/">Maplight</a>, <a href="https://www.rockthevote.org/">Rock the Vote</a>, and <a href="https://votolatino.org/">Voto Latino</a>.</p>
898 <p>“Our clients want to make sure that voting information found online is accurate, and they want social media companies to take proactive steps against misinformation,” said David Greene, EFF's Civil Liberties Director. “Social media platforms have the right to curate content however they like—whether it is about voting or not—but President Trump’s executive order punishes platforms for doing just that. Misusing an Executive Order to force companies to censor themselves or others is wrong and dangerous in the hands of any president. Here it’s a transparent attempt to retaliate against Twitter for fact-checking the president’s posts, as well as an obvious threat to any other company that might want to do the same.”</p>
899 <p>Trump signed the “Executive Order on Preventing Online Censorship” in May, after a well-publicized fight with Twitter. First, the president tweeted false claims about the reliability of online voting, and then Twitter decided to append a link to “get the facts about mail-in ballots.” Days later, Trump signed the order, which tasks government agencies with concocting a process for deciding whether any platform’s decision to moderate user-generated content was done with “good faith.” If found to be in bad faith, the order then asks for social media companies to lose millions of dollars in government advertising, as well as their legal protections under Section 230. Section 230 is the law that allows online services—like Twitter, Facebook, and others—to host and moderate diverse forums of users’ speech without being liable for their users’ content.</p>
900 <p>In the lawsuit filed in the United States District Court for the Northern District of California today, the plaintiffs argue that the executive order is designed to chill social media companies from moderating the president’s content in a way that he doesn’t like—particularly correcting his false statements about elections. In fact, since the order, Trump has tweeted multiple falsehoods about voting without any flagging by Twitter.</p>
901 <p>“Voters have a constitutional right to receive accurate information about voting alternatives without government interference, especially from a self-interested president who is lying to gain an advantage in the upcoming election. So when Trump retaliates against private social media companies for fact-checking his lies, it’s not only a First Amendment violation—it’s the kind of behavior you’d expect to see from a dictator,” said Kristy Parker, counsel with Protect Democracy. “In the midst of a global pandemic, when far more voters than usual may opt to vote by mail to protect their personal health, the president’s authoritarian actions are especially egregious.”</p>
902 <p>“We joined this cause to protect voters’ access to accurate information about voting during the pandemic, free from unconstitutional governmental meddling that is being done to advance a particular political viewpoint,” said Michael Rhodes, who chairs Cooley’s global cyber/data/privacy and Internet practices. “We want all voters to be able to make informed and independent political choices and that requires protecting online platforms’ ability to curate information without fear of reprisal from the federal government.”</p>
903 <p>For the full complaint in Rock the Vote et al. v. Trump:<br /><a href="https://www.eff.org/document/rock-vote-v-trump">https://www.eff.org/document/rock-vote-v-trump</a></p>
904
905
906 </div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
907
908
909 <div class="">
910 <div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">David</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Greene</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Civil Liberties Director</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:davidg@eff.org">davidg@eff.org</a></div></div></div> </div>
911
912 </div>
913
914 </div><div class="field__item odd"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
915
916
917 <div class="">
918 <div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Aaron</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Mackey</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:amackey@eff.org">amackey@eff.org</a></div></div></div> </div>
919
920 </div>
921
922 </div></div></div></description>
923 <pubDate>Thu, 27 Aug 2020 16:12:22 +0000</pubDate>
924 <guid isPermaLink="false">103630 at https://www.eff.org</guid>
925 <dc:creator>Rebecca Jeschke</dc:creator>
926 </item>
927 <item>
928 <title>Our EU Policy Principles: User Controls</title>
929 <link>https://www.eff.org/deeplinks/2020/08/our-eu-policy-principles-user-controls</link>
930 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>As the EU is gearing up for a major reform of key Internet regulation, we are introducing the principles that will guide our policy work surrounding the Digital Services Act (DSA). We believe the DSA is a key opportunity to change the Internet for the better; to question the paradigm of capturing users’ attention that shapes our online environments so fundamentally, and to restore users’ autonomy and control. In this post, we introduce policy principles that aim to strengthen users' informational self-determination and thereby promote healthier online communities that allow for deliberative discourse. <br /></span></p>
931 <h2><b>A Chance to Reinvent Platform Regulation </b></h2>
932 <p><span>In a few months, the European Commission will introduce its much anticipated proposal for the </span><a href="https://ec.europa.eu/digital-single-market/en/digital-services-act-package"><span>Digital Services Act</span></a><span>, the most significant reform of European platform regulation in two decades. The Act, which will modernize the backbone of the EU’s Internet legislation—the </span><a href="https://ec.europa.eu/digital-single-market/en/e-commerce-directive"><span>e-Commerce Directive</span></a><span>—will set out new responsibilities and rules for online platforms. </span></p>
933 <p><span>EFF supports the Commission’s goal of promoting an </span><a href="https://ec.europa.eu/info/sites/info/files/communication-shaping-europes-digital-future-feb2020_en_4.pdf"><span>inclusive,</span> <span>fair and accessible digital society</span></a><span>. We believe that giving users more transparency and autonomy to understand and shape the forces that determine their online experiences is key to achieving this goal. Currently, there is a significant asymmetry between users and powerful gatekeeper platforms that control much of our online environment. With the help of opaque algorithmic tools, platforms distribute and curate content, collect vast amounts of data on their users and flood them with targeted advertisements. While platforms acquire (and monetize) a deep understanding of their users, both on an individual and collective level, users are in the dark about how their data is collected, exploited for commercial purposes and leveraged to shape their online environments. Not only are users not informed about the intricate algorithms that govern their speech and their actions online; platforms also unilaterally formulate and change community guidelines and terms of service, often without even informing users of relevant changes. </span></p>
934 <p><span>The DSA is a crucial chance to enshrine the importance of user control and to push platforms to be more accountable to the public. But there is also a risk that the Digital Services Act will follow the footsteps of the recent regulatory developments in Germany and France. The </span><a href="https://www.theguardian.com/world/2018/jan/05/tough-new-german-law-puts-tech-firms-and-free-speech-in-spotlight"><span>German NetzDG</span></a><span> and the </span><a href="https://www.eff.org/deeplinks/2020/06/eff-files-amicus-brief-top-french-court-bring-down-controversial-avia-bill"><span>French Avia bill</span></a><span> (which we helped </span><a href="https://www.eff.org/press/releases/victory-french-high-court-rules-most-hate-speech-bill-would-undermine-free-expression"><span>bring down in court)</span></a><span> show a worrying trend in the EU to force platforms to police users’ content without counter-balancing such new powers with more user autonomy, choice and control. </span></p>
935 <p><span>EFF will work with EU institutions to fight for users’ rights, </span><a href="https://www.eff.org/deeplinks/2020/07/our-eu-policy-principles-procedural-justice"><span>procedural safeguards</span></a><span>, and </span><a href="https://www.eff.org/deeplinks/2020/06/our-eu-policy-principles-interoperability"><span>interoperability</span></a><span> while preserving the elements that made Europe’s Internet regulation a success: </span><a href="https://www.eff.org/deeplinks/2020/07/effs-eu-policy-principles-platform-liability-and-monitoring"><span>limited liability</span></a><span> for online platforms for user-generated content, and a clear ban on filtering and monitoring obligations.</span></p>
936 <h2><b>Principle 1: Give Users Control Over Content</b></h2>
937 <p><span>Many services like Facebook and Twitter originally presented a strictly chronological list of posts from users’ friends. Over time, most large platforms have traded that chronological presentation for more complex (and opaque) algorithms that order, curate and distribute content, including advertising, and other promoted content. These algorithms, determined by the platform, are not necessarily centered on satisfying users’ needs, but usually pursue the sole goal of maximizing the time and attention people spend on a given website. Posts with more “engagement” are prioritised, even if that engagement is driven by strong emotions like anger or despair provoked by the post. While users sometimes can return to the chronological stream, the design of platforms’ interfaces often nudges them to switch back. Interfaces that are misleading or manipulating users, including “</span><a href="https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf"><span>dark patterns</span></a><span>”, often contravene core principles of European data protection laws and should be addressed in the Digital Services Act where appropriate.</span></p>
938 <p><span>Platforms’ algorithmic tools leverage their intimate knowledge of their users, assembled from thousands of seemingly unrelated data points. Many of the inferences drawn from that data feel unexpected to users: platforms have access to data that reaches further back than most users realize, and are able to draw conclusions from both individual and collective behavior. Assumptions about users’ preferences are thus often made by making inferences from seemingly unrelated data points. This may shape (and often limit) the ways in which users can interact with content online and can also amplify misinformation and polarization in ways that can undermine the transparent, deliberative exchange of information on which democratic societies are built.</span></p>
939 <p><span>Users do not have to accept this. There are many third-party plugins that re-frame social platforms’ appearance and content according to peoples’ needs and preferences. But right now, most of these plugins require technical expertise to discover and install, and platforms have a strong incentive to hide and prevent user adoption of such independent tools. The DSA is Europe’s golden opportunity to create a friendlier legal environment to encourage and support this user-oriented market. The regulation should support </span><a href="https://www.eff.org/deeplinks/2020/06/our-eu-policy-principles-interoperability"><span>interoperability and permit competitive compatibility</span></a><span>, and should establish explicit, enforceable rules against over-aggressive terms of service that seek to forbid all reverse-engineering and interconnection. Beyond the Digital Services Act, the EU must actively support open source and commercial projects in Europe that offer localised or user-empowering front-ends to platforms, and help foster a vibrant and viable market for these tools.</span></p>
940 <p><span>Giving people—as opposed to platforms—more control over content is a crucial step to addressing some of the most pervasive problems online that are currently poorly managed through content moderation practices. User controls should not require a heightened threshold of technological literacy needed to traverse the web safely. Instead, users of social media platforms with significant market power</span> <span>should be empowered to choose content they want to interact with—and filter out content they do not want to see—in a simple and user-friendly manner. Users should also have the option to decide against algorithmically-curated recommendations altogether, or to choose other heuristics to order content. </span></p>
941 <h2><b>Principle 2: Algorithmic Transparency</b></h2>
942 <p><span>Besides being given more control over the content with which they interact, users also deserve more transparency from companies to understand why content or search results are shown to them—or hidden from them. Online platforms should provide meaningful information about the algorithmic tools they use in content moderation (i.e., content recommendation systems, tools for flagging content) and content curation (for example in ranking or downranking content). Platforms should also offer easily accessible explanations that allow users to understand when, for which tasks, and to which extent algorithmic tools are used. To alleviate the burden on individual users to make sense of how algorithms are used, platforms with significant market power should allow </span><span>independent researchers and relevant regulators to audit their algorithmic tools to make sure they are used as intended.</span></p>
943 <h2><b>Principle 3: Accountable Governance</b></h2>
944 <p><span>Online platforms govern their users through their terms of service, community guidelines, or standards. These documents often entail the fundamental rules that determine what users are afforded to do on a platform, and what behavior is constrained. Platforms regularly update those documents, often in minor but sometimes in major ways—and usually without consulting or notifying their users of the changes. Users of such platforms must be notified whenever the rules that govern them change, must be asked for their consent and should be informed of the consequences of their choice. They should also be provided with a meaningful explanation of any substantial changes in a language they understand. Additionally, platforms should present their terms of service in machine-readable format and make all previous versions of their terms of service easily accessible to the public.</span></p>
945 <h2><b>Principle 4: Right to Anonymity Online</b></h2>
946 <p><span>There are countless reasons why individuals may not want to share their identity publicly online. While anonymity used to be common on the Internet, it has become increasingly more difficult to remain anonymous online. In their hopes to tackle hate speech or “fake news”, policymakers in the EU and beyond have been proposing duties for platforms to enforce the use of legal names. </span></p>
947 <p><span>For many people, however—including members of the LGBTQ+ community, sex workers, and victims of domestic abuse—such rules could have devastating effects and lead to harassment or other forms of attribution. We believe that as a general principle, Member States should respect the will of individuals not to disclose their identities online. The Digital Services Act should affirm users’ informational self-determination also in this regard and introduce the European right to anonymity online. Deviating terms of service should be subject to fairness control.</span></p>
948
949 </div></div></div></description>
950 <pubDate>Thu, 27 Aug 2020 07:21:37 +0000</pubDate>
951 <guid isPermaLink="false">103627 at https://www.eff.org</guid>
952 <category domain="https://www.eff.org/issues/eff-europe">European Union</category>
953 <category domain="https://www.eff.org/issues/eu-policy">EU Policy</category>
954 <dc:creator>Svea Windwehr</dc:creator>
955 <dc:creator>Christoph Schmon</dc:creator>
956 <dc:creator>Jillian C. York</dc:creator>
957 <enclosure url="https://www.eff.org/files/banner_library/free-speech-cat4_0.jpg" alt="A striped cat opines using a megaphone." type="image/jpeg" length="39270" />
958 </item>
959 <item>
960 <title>Throwing Out the FTC's Suit Against Qualcomm Moves Antitrust Law in the Wrong Direction</title>
961 <link>https://www.eff.org/deeplinks/2020/08/throwing-out-ftcs-suit-against-qualcomm-moves-antitrust-law-wrong-direction</link>
962 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The government bestows temporary monopolies in the form of patents to promote future innovation and economic growth. Antitrust law empowers the government to break up monopolies when their power is so great and their conduct is so corrosive of competition that they can dictate market outcomes without worrying about their rivals. In theory, patent and antitrust law serve the same goals—promoting economic and technological development—but in practice, they often butt heads.</p>
963 <p>The relationship between antitrust and patent law is especially thorny when it comes to “standards-essential patents” or “SEPs.” These are patents that cover technologies considered “essential” for implementing standards—agreed-upon rules and protocols that allow different manufacturers’ devices to communicate with each other using shared network infrastructure. Some technology standards become standards by achieving widespread adoption through market forces (the QWERTY keyboard layout is on example). But many are the result of extensive deliberation and cooperation among industry players (including competitors), like the MP3 audio compression and 3G wireless communication standards.</p>
964 <p>Standards can enhance competition and consumer choice, but they also massively inflate the value of patents deemed essential to the standard, and give their owners the power to sue companies that implement the standard for money damages or injunctions to block them from using their SEPs. When standards cover critical features like wireless connectivity, SEP owners wield a huge amount of “hold-up” power because their patents allow them to effectively block access to the standard altogether. That lets them charge unduly large tolls to anyone who wants to implement the standard.</p>
965 <p>To minimize that risk, standard-setting organizations typically require companies that want their patented technology incorporated into a standard to promise in advance to license their SEPs to others on fair, reasonable, and non-discriminatory (FRAND) terms. But that promise strikes at a key tension between antitrust and patent law: patent owners have no obligation to let anyone use technology their patent covers, but to get those technologies incorporated into standards, patent owners usually have to promise that they will give permission to anyone who wants to implement the standard as long as they pay a reasonable license fee. </p>
966 <p>Qualcomm is one of the most important and dominant companies in the history of wireless communication standards. It is a multinational conglomerate that has owned patents on every major wireless communication standard since its first CDMA patent in 1985, and it participates in the standard-setting organizations that define those standards. Qualcomm is somewhat unique in that it not only licenses SEPs, but also supplies the modem chips used by a wide range of devices. These include chips that implement wireless communication standards, which lie at the heart of every mobile computing device.</p>
967 <p>Although Qualcomm promised to license its SEPs (including patents essential to CDMA, 3G, 4G, and 5G) on FRAND terms, its conduct has to many looked unfair, unreasonable, and highly discriminatory. In particular, Qualcomm has drawn scrutiny for bundling tens of thousands of patents together—including many that are not standard-essential—and offering portfolio-only licenses no matter what licensees actually want or need; refusing to sell modem chips to anyone without a SEP license and threatening to withhold chips from companies trying to negotiate different license terms; refusing to license anyone other than original-equipment manufacturers (OEMs); and insisting on royalties calculated as a percentage of the sale price of a handset sold to end users for hundreds of dollars, despite the minimal contribution of any particular patent to the retail value.</p>
968 <p>In 2017, the U.S. Federal Trade Commission <a href="https://www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-qualcomm-monopolizing-key-semiconductor-device-used">sued</a> Qualcomm for violating both sections of the Sherman Antitrust Act by engaging in a number of anticompetitive SEP licensing practices. In May 2019, the U.S. District Court for the Northern District of California agreed with the FTC, identifying numerous instances of Qualcomm’s unlawful, anticompetitive conduct in a comprehensive <a href="https://www.eff.org/document/ftc-v-qualcomm-district-court-opinion">233-page opinion</a>. We were pleased to see the FTC take action and the district court credit the overwhelming evidence that Qualcomm’s conduct is corrosive to market-based competition and threatens to cement Qualcomm’s dominance for years to come.</p>
969 <p>But this month, a panel of judges from the Court of Appeals for the Ninth Circuit unanimously <a href="https://www.eff.org/document/ninth-circuit-opinion-ftc-v-qualcomm">overturned</a> the district court’s decision, reasoning that Qualcomm’s conduct was “hypercompetitive” but not “anticompetitive,” and therefore not a violation of antitrust law. To reach that result, the Ninth Circuit made the patent grant more powerful and antitrust law weaker than ever.</p>
970 <p>According to the Ninth Circuit, patent owners don’t have a duty to let anyone use what their patent covers, and therefore Qualcomm had no duty to license its SEPs to anyone. But that framing requires ignoring the promises Qualcomm made to license its SEPs on reasonable and non-discriminatory terms—promises that courts in this country and around the world have consistently enforced. It also means ignoring antitrust principles like the essential facilities doctrine, which limits the ability of a monopolist with hold-up power over an essential facility (like a port) to shut out rivals. Instead, the Ninth Circuit held rather simplistically that a duty to deal could arise only if the monopolist had provided access, and then reversed its policy.</p>
971 <p>But even when Qualcomm restricted its licensing policies in critical ways, the Ninth Circuit found reasons to approve those restrictions. For example, Qualcomm stopped licensing its patents to chip manufacturers and started licensing them only to OEMs. This had a major benefit: it let Qualcomm charge a much higher royalty rate based on the high retail price of the end user devices, like smartphones and tablets, that OEMs make and sell. If Qualcomm had continued to license to chip suppliers, its patents would be “exhausted” once the chips were sold to OEMs, extinguishing Qualcomm’s right to assert its patents and control how the chips were used.</p>
972 <p>Patent exhaustion is a century-old doctrine that protects the rights of consumers to use things they buy without getting the patent owner’s permission again and again. Patent exhaustion is important because it prevents price-gouging, but also because it protects space for innovation by letting people use things they buy freely, including to build innovations of their own. The doctrine thus helps patent law serve its underlying goal—promoting economic growth and innovation. In other words, the doctrine of exhaustion is baked into the patent grant; it is not optional. Nevertheless, the Ninth Circuit wholeheartedly approved of Qualcomm’s efforts to avoid exhaustion—even when that meant cutting off access to previous licensees (chip-makers) in ways that let Qualcomm charge far more in licensing fees than its SEPs could possibly have contributed to the retail value of the final product.</p>
973 <p>It makes no sense that Qualcomm could contract around a fundamental principle like patent exhaustion, but at the same time did not assume any antitrust duty to deal under these circumstances. Worse, it’s harmful for the economy, innovation, and consumers. Unfortunately, the kind of harm that antitrust law recognizes is limited to harm affecting “competition” or the “competitive process.” Antitrust law, at least as the Ninth Circuit interprets it, doesn’t do nearly enough to address the harm downstream consumers experience when they pay inflated prices for high-tech devices, and miss out on innovation that might have developed from fair, reasonable, and non-discriminatory licensing practices.</p>
974 <p>We hope the FTC sticks to its guns and asks the Ninth Circuit to go en banc and reconsider this decision. Otherwise, antitrust law will become an even weaker weapon against innovation-stifling conduct in technology markets. </p>
975
976 </div></div></div></description>
977 <pubDate>Thu, 27 Aug 2020 00:01:30 +0000</pubDate>
978 <guid isPermaLink="false">103624 at https://www.eff.org</guid>
979 <category domain="https://www.eff.org/taxonomy/term/72">Legal Analysis</category>
980 <category domain="https://www.eff.org/issues/competition">Competition</category>
981 <category domain="https://www.eff.org/issues/patents">Patents</category>
982 <dc:creator>Alex Moss</dc:creator>
983 </item>
984 <item>
985 <title>California: Tell Your Senators That Ill-Conceived “Immunity Passports” Won’t Help Us</title>
986 <link>https://www.eff.org/deeplinks/2020/08/california-tell-your-senators-ill-conceived-immunity-passports-wont-help-us</link>
987 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Californians should not be forced to present their smartphones to enter public places. But that’s exactly what A.B. 2004 would do, by directing the state to set up a blockchain-based system for <a href="https://www.eff.org/deeplinks/2020/05/immunity-passports-are-threat-our-privacy-and-information-security">“immunity passports”</a>: a verified health credential that shows the results of someone’s last COVID-19 test, and uses those to grant access to public places.</p>
988 <p>By claiming that blockchain technology is part of a unique solution to the public health crisis we’re in, AB 2004 is opportunism at its worst. We are proud to stand with Mozilla and the American Civil Liberties Union’s California Center for Advocacy and Policy in opposing this bill. We encourage you to tell your senator to oppose it, too.<strong> <br /></strong></p>
989 <p class="take-action"><a href="https://act.eff.org/action/california-tell-your-senator-that-blockchain-based-immunity-passports-are-a-bad-idea">Take Action</a></p>
990 <p class="take-action take-explainer">Tell Your Senator: Immunity Passports Are a Bad Idea</p>
991 <p>While the latest version of A.B. 2004 steps back from <a href="https://www.eff.org/deeplinks/2020/08/no-blockchain-credentials-covid-19-test-results-entry-public-spaces">previous plans</a> to create a pilot program for immunity passports, it’s still written to push a hasty and poorly planned system onto Californians. The bill would empower the California Department of Consumer Affairs (CDCA) to authorize health care providers to issue verifiable health credentials, establish procedures for doing so, and maintain a blockchain registry of such issuers.</p>
992 <p class="pull-quote">By claiming that blockchain technology is part of a unique solution to the public health crisis we’re in, AB 2004 is opportunism at its worst</p>
993 <p>But the bill says nothing about how long a credential should be valid, how it should be updated, or how it can be revoked if you’re exposed or even infected after you receive the passport. It doesn’t say anything about how those procedures should interact with existing medical privacy laws. And while the bill would require CDCA to consult with a working group (also created by the latest version of the bill) that includes civil liberties and privacy representatives, CDCA can ignore those recommendations. The bill doesn’t even limit when or how CDCA may exercise its powers.</p>
994 <p>And there are many problems with the underlying concept of immunity passports. In the short term, medical experts have warned it’s too early to use them for the COVID-19 pandemic. The World Health Organization in April warned against the idea. The WHO said that the medical community’s understanding of SARS-Cov-2—the virus that causes COVID-19—was not sufficient to certify that those who have antibodies in their system posed no risk to others.</p>
995 <p>EFF also opposes the very purpose of these credentials which, according to the bill's fact sheet and official analysis, is to identify those who should be excluded from workplaces, travel, and "any other processes." That has ramifications beyond the current pandemic. Handing your phone over to someone—a security guard, a law enforcement officer—creates the significant risk that they may look through other information on the device. You should never have to do that to enter your workplace or your school.</p>
996 <p>Finally, by suggesting deploying credentials that rely on having a smartphone to control access to public spaces, A.B. 2004 would limit those without smartphones—often lower-income Californians—from being able to move freely. That ensures that the Californians who are disproportionately hit hardest by COVID-19 are also those hurt most by this bill—now and in the future. Some have suggested that the accessibility issue can be addressed by allowing people to print out a paper version of a credential. That would exacerbate the security issues, and not address any of the privacy, security, or safety concerns. In fact, it could make it even easier to present a health credential that isn’t current or valid. It makes it even more difficult to verify the credential and makes it easier for someone to present another person's immunity passport as their own. </p>
997 <p>The latest version of A.B. 2004 doesn’t take any of these concerns seriously. It instead pushes a system, based on unproven science, that would give people false hope of returning to a normal life. As Mozilla <a href="https://blog.mozilla.org/netpolicy/2020/08/06/by-embracing-blockchain-a-california-bill-takes-the-wrong-step-forward/">wrote in its blog post</a> opposing an earlier version of the bill:</p>
998 <blockquote><p>“A better approach would be [to] establish design principles, guardrails, and outcome goals up front…[i]mportantly, the process should build in the possibility that no technical solution is suitable, even if this outcome forces policymakers back to the drawing board.”</p>
999 </blockquote>
1000 <p>A.B. 2004’s authors still aren’t listening. But you can tell your state senator: don’t let those taking advantage of the pandemic push California into making bad policy.<strong></strong></p>
1001 <p class="take-action"><a href="https://act.eff.org/action/california-tell-your-senator-that-blockchain-based-immunity-passports-are-a-bad-idea">Take Action</a></p>
1002 <p class="take-action take-explainer">Tell Your Senator: Immunity Passports Are a Bad Idea</p>
1003
1004 </div></div></div></description>
1005 <pubDate>Wed, 26 Aug 2020 00:06:28 +0000</pubDate>
1006 <guid isPermaLink="false">103620 at https://www.eff.org</guid>
1007 <dc:creator>Hayley Tsukayama</dc:creator>
1008 <enclosure url="https://www.eff.org/files/banner_library/California-bear_0.jpg" alt="" type="image/jpeg" length="285676" />
1009 </item>
1010 <item>
1011 <title>If Privacy Dies in VR, It Dies in Real Life</title>
1012 <link>https://www.eff.org/deeplinks/2020/08/if-privacy-dies-vr-it-dies-real-life</link>
1013 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>If you aren’t an enthusiast, chances are you haven’t used a Virtual Reality (VR) or Augmented Reality (AR) headset. The hype around this technology, however, is nearly inescapable. We’re not just talking about </span><a href="https://techcrunch.com/2019/11/26/facebook-buys-the-vr-studio-behind-beat-saber/"><span>dancing with lightsabers</span></a><span>; there’s been a lot of talk about how VR/AR will revolutionize </span><a href="https://www.youtube.com/watch?v=rWfcMwMzfag"><span>entertainment</span></a><span>, </span><a href="https://circuitstream.com/blog/vr-in-education/"><span>education</span></a><span>, and even </span><a href="https://www.virtualimmersive.com.au/post/how-ar-vr-is-being-used-to-combat-environmental-issues"><span>activism</span></a><span>. EFF has </span><a href="https://www.eff.org/pages/being-nothingness"><span>long been interested in the potential of this technology</span></a><span>, and has even developed our own VR experience, </span><a href="https://www.eff.org/deeplinks/2019/04/its-now-even-easier-spot-surveillance-updates-effs-vr-app"><span>Spot the Surveillance</span></a><span>, which places users on a street corner amidst police spying technologies. </span></p>
1014 <p><span>It’s easy to be swept up in the excitement of a new technology, but utopian visions must not veil the emerging ethical and legal concerns in VR/AR. The devices are new, but the tech giants behind them aren’t. Any VR/AR headset you use today is likely made by a handful of corporate giants—Sony, Microsoft, HTC, and Facebook. As such, this budding industry has inherited a lot of issues from their creators. VR and AR hardware aren’t household devices quite yet, but if they succeed, there’s a chance they will creep into all of our personal and </span><a href="https://www.theverge.com/2020/5/21/21266945/facebook-ar-vr-remote-work-oculus-passthrough-future-tech"><span>professional</span></a><span> lives guided by the precedents set today. </span></p>
1015 <h3><b>A Step Backwards: Requiring Facebook Login for Oculus</b></h3>
1016 <p><span>This is why Oculus’ </span><a href="https://www.oculus.com/blog/a-single-way-to-log-into-oculus-and-unlock-social-features/"><span>announcement</span></a><span> last week </span><a href="https://www.theverge.com/2020/8/19/21375118/oculus-facebook-account-login-data-privacy-controversy-developers-competition"><span>shocked and infuriated</span></a><span> many users. Oculus, </span><a href="https://about.fb.com/news/2014/03/facebook-to-acquire-oculus/"><span>acquired by Facebook in 2014</span></a><span>, announced that it will require a Facebook account for all users within the next 2 years. At the time of the acquisition Oculus offered </span><a href="https://time.com/38366/here-are-7-promises-oculus-has-made-after-getting-bought-by-facebook/"><span>distressed users</span></a><span> an assurance that “[y]ou will not need a Facebook account to use or develop for the Rift [headset].” </span></p>
1017 <p><span>There’s good cause to be alarmed. Eliminating alternative logins can force Oculus users to accept Facebook’s Community Standards, or risk potentially bricking their device. With this lack of choice, users can no longer freely give meaningful consent and lose the freedom to be anonymous on their own device. That is because Oculus owners will also need to adopt Facebook’s controversial </span><a href="https://www.eff.org/deeplinks/2015/12/changes-facebooks-real-names-policy-still-dont-fix-problem"><span>real name policy</span></a><span>. The policy requires users to register what Facebook calls their “authentic identity”—one known by friends and family and found on acceptable documents—in order to use the social network. Without anonymity, Oculus leaves users in sensitive contexts out to dry, such as </span><a href="https://www.reuters.com/article/us-hongkong-protests-games/hong-kong-students-take-protest-to-virtual-world-idUSKBN1X715V"><span>VR activism in Hong Kong</span></a><span> or </span><a href="https://epgn.com/2019/07/11/virtual-reality-enhances-lgbtq-community-building-study-finds/"><span>LGBTQ+ users</span></a><span> who can not safely reveal their identity.</span></p>
1018 <p><span>Logging into Facebook on an Oculus product </span><a href="https://www.oculus.com/blog/introducing-new-features-from-facebook-to-help-people-connect-in-vr-and-an-update-to-our-privacy-policy/"><span>already shares</span></a><span> with Facebook to inform ads when you logged into a Facebook account. Facebook already has a vast collection of data, collected from across the web and even </span><a href="https://www.eff.org/deeplinks/2018/12/new-documents-show-facebook"><span>your own devices</span></a><span>. Combining this with sensitive biometric and environmental data detected by Oculus headsets furthers tramples user privacy. And Facebook should really know—the company recently agreed to pay $650 million for violating </span><a href="https://www.vox.com/recode/2020/7/23/21335806/facebook-settlement-illinois-facial-recognition-photo-tagging"><span>Illinois’ biometric law (BIPA)</span></a><span> for collecting user biometric data without consent. However, for companies like Facebook, which are built on capturing your attention and selling it to advertisers, this is a potential gold mine. Having eye-tracking data on users, for example, can cement a monopolistic power in online advertisements—regardless of how effective it actually is. They merely need the ad industry to </span><i><span>believe</span></i><span> Facebook has an advantage.</span><span> </span></p>
1019 <p><span>Facebook violating the trust of users in its acquired companies (</span><a href="https://www.wsj.com/articles/facebooks-messing-with-instagram-prompted-co-founders-departure-1537905005"><span>like Instagram</span></a><span> and Whatsapp) may </span><a href="https://www.eff.org/deeplinks/2018/12/new-documents-show-facebook"><span>not be surprising</span></a><span>. After all, it has a long trail of </span><a href="https://www.computerweekly.com/feature/Facebooks-privacy-U-turn-how-Zuckerberg-backtracked-on-promises-to-protect-personal-data#developers-8"><span>broken promises</span></a><span> while paying </span><a href="https://www.eff.org/deeplinks/2020/07/dont-believe-proven-liars-absolute-minimum-standard-prudence-merger-scrutiny"><span>lip service</span></a><span> to privacy concerns. What’s troubling in this instance, however, is the </span><a href="https://www.pcmag.com/news/oculus-and-playstation-vr-jockey-atop-the-virtual-reality-market"><span>position of Oculus</span></a><span> in the VR/AR industry. Facebook is poised to shape the medium as a whole and may normalize mass user surveillance, as Google has already done with smartphones. We must make sure that doesn't happen.</span></p>
1020 <h3><b>Defending Fundamental Human Rights in All Realities</b></h3>
1021 <p><span>Strapping these devices to ourselves lets us enter a virtual world, but at a price—these companies enter our lives and have access to intimate details about us through </span><a href="https://blog.klarislaw.com/vr-ar-virtual-reality-augmented-reality-biometric-data-after-2017-ed-klaris-alexia-bedat-a15e9cb000a1"><span>biometric data</span></a><span>. How we move and interact with the world offers insight, by proxy, into how </span><a href="https://arxiv.org/ftp/arxiv/papers/1709/1709.00396.pdf"><span>we think and feel</span></a><span> at the moment. </span><a href="https://www.forbes.com/sites/solrogers/2019/02/05/seven-reasons-why-eye-tracking-will-fundamentally-change-vr/#7a4f41073459"><span>Eye-tracking technology</span></a><span>, often seen in cognitive science, is already being </span><span><a href="https://enterprise.vive.com/us/product/vive-pro-eye/?utm_medium=Blog&amp;amp;amp;utm_source=Tobii_Blog&amp;amp;amp;utm_campaign=Tobii_ProEye_Blogpost/">developed</a> by Vive</span><span>, which sets the stage for unprecedented privacy and security risks</span>. <span>If aggregated, those in control of this biometric data may be able to identify patterns that let them more precisely predict (or cause) certain behavior and </span><a href="https://arxiv.org/ftp/arxiv/papers/1709/1709.00396.pdf"><span>even emotions</span></a><span> in the virtual world. It may allow companies to exploit users' emotional vulnerabilities through strategies that are difficult for the user to perceive and resist. What makes the collection of this sort of biometric data particularly frightening, is that unlike a credit card or password, it is information about us we cannot change. Once collected, there is little users can do to mitigate the harm done by leaks or data being monetized with additional parties. </span></p>
1022 <p><span>Threats to our privacy don’t stop there. A VR/AR setup will also be densely packed with cameras, microphones, and myriad other sensors to help us interact with the real world—or at least not crash into it. That means information about your home, your office, or even your community is collected and potentially </span><a href="https://www.wired.com/story/star-witness-your-smart-speaker/"><span>available to the government</span></a><span>. Even if you personally never use this equipment, sharing a space with someone who may puts your privacy at risk. Without meaningful user consent and restrictions on the collection, a menacing future may take shape where average people using AR further proliferate precise </span><a href="https://ar-sec.cs.washington.edu/files/ar-chi2014.pdf"><span>audio and video surveillance</span></a><span> in public and private spaces. It’s not hard to imagine these raw data feeds integrating with the new generations of automatic mass surveillance technology such as </span><a href="https://www.eff.org/deeplinks/2019/09/facebook-must-better-limit-its-face-surveillance"><span>face recognition</span></a><span>.</span></p>
1023 <p><span>Companies like Oculus need to do more than </span><a href="https://www.polygon.com/2016/4/8/11394320/al-franken-oculus-rift-privacy-policy"><span>“think about privacy”</span></a><span>. Industry leaders need to commit to the principles of privacy by design, security, transparency, and data minimization. By default, only data necessary to core functions of the device or software should be collected; even then, developers should utilize encryption, delete data as soon as reasonably possible, and have this data stay on local devices. Any collection or use of information beyond this, particularly when shared with </span><a href="https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html"><span>additional parties</span></a><span>, must be opt-in with specific, freely given user consent. For consent to be freely given, companies should provide an alternative option so the user has the ability to choose. Effective safeguards must also be in place to ensure companies are honoring their promises to users, and to mitigate </span><a href="https://www.eff.org/deeplinks/2018/03/yet-another-lesson-from-the-cambridge-analytica-fiasco"><span>Cambridge-Analytica</span></a><span>-type data scandals from third-party developers. Companies should, for example, carry out a Data Protection Impact Assessment to help them identify and minimize data protection risks when the processing can likely result in a high risk to individuals. While we encourage these companies to compete on privacy, it seems unlikely most </span><a href="https://www.eff.org/deeplinks/2019/03/why-debate-over-privacy-cant-rely-tech-giants"><span>tech giants would do so willingly</span></a><span>. Privacy must also be the default on all devices, not a niche or premium feature. </span></p>
1024 <p><span>We all need to keep the pressure on state legislatures and Congress to adopt strong </span><a href="https://www.eff.org/deeplinks/2019/06/effs-recommendations-consumer-data-privacy-laws"><span>comprehensive consumer privacy laws</span></a><span> in the United States to control what big tech can get away with. These new laws must not preempt stronger state laws, they must provide users’ with a private right of action, and they should not include “data dividends” or pay-for-privacy schemes.</span></p>
1025 <p><span>Antitrust enforcers should also take note of yet another broken promise about privacy, and think twice before allowing Facebook to acquire data-rich companies like Oculus in the future. </span><a href="https://www.eff.org/deeplinks/2020/07/dont-believe-proven-liars-absolute-minimum-standard-prudence-merger-scrutiny"><span>Mergers shouldn’t be allowed</span></a><span> based on promises to keep the user data from acquired companies separate from Facebook’s other troves of user data when Facebook has broken such promises so many times before.</span></p>
1026 <p><span>The future of privacy in VR/AR will depend on swift action </span><i><span>now</span></i><span>, while the industry is still budding. Developers need to be critical of the technology and information they utilize, and how they can make their work more </span><a href="https://www.eff.org/deeplinks/2018/01/code-review-not-evil-security-through-obscurity"><span>secure and transparent</span></a><span>. Enthusiasts and reviewers should prioritize open and privacy-conscious devices while they are only entertainment accessories. Activists and researchers must create a future where AR and VR work in the best interests of the users, and society overall. </span></p>
1027 <p><span>Left unchecked, we fear VR/AR development will follow the trail left by smartphones and IoT. Developers, users, and the government must ensure it does not ride its hype into an inescapable, insecure, proprietary, and privacy-invasive ecosystem. The hardware and software may go a long way towards fulfilling long-promised aspects of technology, but it must not do so while trampling on our human rights.</span></p>
1028
1029 </div></div></div></description>
1030 <pubDate>Tue, 25 Aug 2020 22:08:30 +0000</pubDate>
1031 <guid isPermaLink="false">103618 at https://www.eff.org</guid>
1032 <category domain="https://www.eff.org/issues/privacy">Privacy</category>
1033 <category domain="https://www.eff.org/issues/biometrics">Biometrics</category>
1034 <category domain="https://www.eff.org/issues/video-games">Video Games</category>
1035 <dc:creator>Rory Mir</dc:creator>
1036 <dc:creator>Katitza Rodriguez</dc:creator>
1037 <enclosure url="https://www.eff.org/files/banner_library/facebook-face-recognition.png" alt="Facebook Face Recognition" type="image/png" length="18362" />
1038 </item>
1039 <item>
1040 <title>Courts Shouldn’t Stifle Patent Troll Victims’ Speech</title>
1041 <link>https://www.eff.org/deeplinks/2020/08/courts-shouldnt-stifle-patent-troll-victims-speech</link>
1042 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In the U.S., we don’t expect or allow government officials – including judges--to be speech police. Courts are allowed to restrain speech only in the rarest circumstances, subject to strict limitations. So we were troubled to learn that a judge in Missouri has issued an order stifling the speech of a small company that’s chosen to speak out about a patent troll lawsuit that was filed against it.<br /><strong></strong></p>
1043 <p>Mycroft AI, a company with nine employees that makes open-source voice technology, published a <a href="https://mycroft.ai/blog/troll-hunter-mycrofts-position-on-patent-trolls/">blog post on February 5</a> describing how it had been threatened by a patent troll called Voice Tech Corporation. Like all patent trolls, Voice Tech doesn’t offer any services or products. It simply owns patents, which it acquired through more than a decade of one-party argumentation with the U.S. Patent Office. </p>
1044 <p>Voice Tech’s <a href="https://patents.google.com/patent/US10491679B2">two</a> <a href="https://patents.google.com/patent/US9794348B2/">patents</a> describe nothing more than using voice commands, together with a mobile device, to perform computer commands. It’s the basic statement of an idea, without any executable instructions, that’s been an idea in science fiction for more than 50 years. (In fact, Mycroft is named after a supercomputer in the Robert Heinlein novel The Moon Is a Harsh Mistress.) When Voice Tech used these patents to threaten and then <a href="https://www.eff.org/document/voice-tech-corp-v-mycroft-ai-complaint">sue [PDF]</a> Mycroft AI, the company’s leadership decided not to pay the $30,000 that was demanded for these ridiculous patents. Instead, they fought back—and they asked their community for help. </p>
1045 <p>“Math isn’t patentable and software shouldn’t be either,” wrote Mycroft First Officer Joshua Montgomery in the blog. “I don’t often ask this, but I’d like for everyone in our community who believes that patent trolls are bad for open source to re-post, link, tweet and share this post. Please help us get the word out by sharing this post on Facebook, LinkedIn, Twitter, or email.” </p>
1046 <p>Montgomery also said that he’d “always wanted to be a troll hunter,” and that in his opinion, when confronted with matters like this, “it’s better to be aggressive and ‘stab, shoot and hang’ them, then dissolve them in acid.” He included a link to a piece of state legislation he opposed last year, where he’d used the same quote. </p>
1047 <p>That tough language got attention, and the story went viral on forums like reddit and Hacker News. The lawsuit, and the post, were also covered by tech publications like <a href="https://www.theregister.com/2020/02/12/mycroft_patent_troll/">The Register</a> and <a href="https://www.techdirt.com/articles/20200208/15511643883/open-source-voice-assistant-promises-to-nuke-orbit-patent-troll.shtml">Techdirt</a>. According to Mycroft, it led to an outpouring of much-needed support. </p>
1048 <h2><strong>The Court Steps In</strong></h2>
1049 <p>According to Voice Tech, however, it led to harassment. The company responded by asking the judge overseeing the case, U.S. District Judge Roseann Ketchmark of the Western District of Missouri, to intervene. Voice Tech suggested the post had led to both harassment of its counsel and a hacking attempt. Mycroft strenuously denied any harassment or hacking, and said it would “admonish and deny” any personal attacks.</p>
1050 <p>Unfortunately, Judge Ketchmark not only accepted Voice Tech’s argument about harassment, but ordered Mycroft to delete portions of the blog post. What is worse, she ordered Mycroft to stop reaching out to its own open source community for support. Mycroft was specifically told to delete the request that “everyone in our community who believes that patent trolls are bad for open source” re-post and spread the news.</p>
1051 <p>To be clear, if the allegations are true, Voice Tech’s counsel has a right to respond to those who are actually harassing him. This ruling, however, is deeply troubling. It does not appear as though there was sufficient evidence for the court to find that Mycroft’s colorful post led directly to the harassment—an essential (though not sufficient) requirement before prohibiting a party from sharing their opinions about a case.</p>
1052 <p>But the public has a right to know what is happening in this case, and Mycroft has a right to share that information – even couched in colorful language. The fact that some members of the public may have responded negatively to the post, or even attempt to hack Voice Tech, doesn’t justify overriding that right without strong evidence showing a direct connection between Mycroft’s post and the harassment of Voice Tech’s counsel. </p>
1053 <h2><strong>Patent Trolls and Speech Police </strong></h2>
1054 <p>It gets worse. Apparently emboldened by its initial success, Voice Tech continues to press for more censorship.</p>
1055 <p>In June, Mycroft <a href="https://mycroft.ai/blog/mark-ii-update-june-2020/">published an update on its Mark II product</a>. While the company anticipates delivery in 2021, Montgomery wrote that “progress is dependent on staffing and distractions like patent trolls,” and linked to <a href="https://www.techdirt.com/articles/20200724/18145044976/patent-troll-gets-court-to-order-startup-it-sued-to-edit-blog-post-troll-now-asks-startup-to-get-us-to-change-our-techdirt-post.shtml">a recent Techdirt article</a>. Voice Tech quickly kicked into overdrive and wrote a note to Mycroft demanding the removal of a link, and a redaction: </p>
1056 <p><em>Voice Tech demands that Mycroft remove the link to the TECHDIRT article and redact the original article on the Mycroft Community Forum by no later than the close of business on Wednesday, July 22, 2020. If Mycroft fails to comply, Voice Tech will have no option but to file a motion for contempt with the Court.</em></p>
1057 <p>Mycroft has removed the link. Voice Tech has also sought to censor third-party journalism about the case, like that published in Techdirt. </p>
1058 <p>It’s bad enough when small companies like Mycroft AI are subject to threats and litigation over patents that seem to be little more than science-fiction documents issued by a broken bureaucracy. But it’s even more outrageous when they can’t talk about it freely. No company should have to suffer in silence about the damage that patent trolls do to their businesses, to their communities, and to the public at large. We hope Judge Ketchmark clearly and quickly reconsiders and rescinds her troubling gag order. And we’re glad to see that Mycroft AI has been willing to put up legal fight against these clearly invalid patents. </p>
1059
1060 </div></div></div></description>
1061 <pubDate>Mon, 24 Aug 2020 18:53:54 +0000</pubDate>
1062 <guid isPermaLink="false">103611 at https://www.eff.org</guid>
1063 <category domain="https://www.eff.org/bloggers">Bloggers' Rights</category>
1064 <category domain="https://www.eff.org/issues/free-speech">Free Speech</category>
1065 <category domain="https://www.eff.org/issues/patents">Patents</category>
1066 <category domain="https://www.eff.org/issues/resources-patent-troll-victims">Patent Trolls</category>
1067 <dc:creator>Joe Mullin</dc:creator>
1068 <enclosure url="https://www.eff.org/files/banner_library/patent-troll-warning.png" alt="Patent Troll warning sign: Do Not Feed the Troll" type="image/png" length="339880" />
1069 </item>
1070 <item>
1071 <title>EFF Sues Texas A&M University Once Again to End Censorship Against PETA on Facebook and YouTube</title>
1072 <link>https://www.eff.org/deeplinks/2020/08/eff-sues-texas-am-university-once-again-end-censorship-against-peta-facebook-and</link>
1073 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>This week, EFF filed suit to stop Texas A&amp;M University from censoring comments by PETA on the university’s Facebook and YouTube pages.</p>
1074 <p>In light of the COVID-19 pandemic, Texas A&amp;M held its spring commencement ceremonies online, with broadcasts over Facebook and YouTube. Both the Facebook and YouTube pages had comment sections open to any member of the public—but administrators deleted comments that were associated with PETA’s high-profile campaign against the university’s muscular dystrophy experiments on golden retrievers and other dogs.</p>
1075 <p>Where government entities such as Texas A&amp;M open online forums to the public, the First Amendment <a href="https://www.eff.org/issues/government-social-media-blocking">prohibits them from censoring comments</a> merely because they don’t like the content of the message or the viewpoint expressed. On top of that, censoring comments based on their message or viewpoint also violates the public’s First Amendment right to petition the government for redress of grievances.</p>
1076 <p>Texas A&amp;M knows this well, because this is not the first time we’ve sued them for censoring comments online. Back in 2018, EFF brought <a href="https://www.eff.org/press/releases/eff-sues-texas-am-university-violating-petas-free-speech-rights-blocking-group-its">another First Amendment lawsuit</a> against Texas A&amp;M for deleting comments by PETA and its supporters about the university’s dog labs from the Texas A&amp;M Facebook page. This year, in a big win for free speech, the school settled with PETA and <a href="https://www.eff.org/deeplinks/2019/12/eff-ends-censorship-against-peta-public-universitys-facebook-page">agreed to stop deleting comments</a> from its social media pages based on the comments’ messages. </p>
1077 <p>We are disappointed that Texas A&amp;M has continued to censor comments by PETA’s employees and supporters without regard for the legally binding settlement agreement that it signed just six months ago, and hope that the federal court will make clear to the university once and for all that its censorship cannot stand. </p>
1078 <p>EFF is joined by co-counsel PETA Foundation and Rothfelder Falick LLP of Houston.</p>
1079
1080 </div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/cases/peta-v-texas-am">PETA v. Texas A&amp;M</a></div></div></div></description>
1081 <pubDate>Fri, 21 Aug 2020 20:02:48 +0000</pubDate>
1082 <guid isPermaLink="false">103606 at https://www.eff.org</guid>
1083 <category domain="https://www.eff.org/taxonomy/term/68">Announcement</category>
1084 <category domain="https://www.eff.org/issues/free-speech">Free Speech</category>
1085 <dc:creator>Naomi Gilens</dc:creator>
1086 <enclosure url="https://www.eff.org/files/banner_library/free-speech-cat4_0.jpg" alt="A striped cat opines using a megaphone." type="image/jpeg" length="39270" />
1087 </item>
1088 <item>
1089 <title>Proctoring Apps Subject Students to Unnecessary Surveillance</title>
1090 <link>https://www.eff.org/deeplinks/2020/08/proctoring-apps-subject-students-unnecessary-surveillance</link>
1091 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>With COVID-19 forcing millions of teachers and students to rethink in-person schooling, this moment is ripe for an innovation in learning. Unfortunately, many schools have simply </span><a href="https://www.insidehighered.com/news/2020/05/11/online-proctoring-surging-during-covid-19"><span>substituted surveillance technology for real transformation</span></a><span>. The use of proctoring apps—privacy-invasive software products that “watch” students as they take tests or complete schoolwork, has skyrocketed. These apps make a seductive promise: that schools can still rely on high-stakes tests, where they have complete control of a student's environment, even during remote learning. But that promise comes with a huge catch—these apps violate student privacy, negatively impact some populations, and will likely never fully stop creative students from </span><a href="https://www.insidehighered.com/digital-learning/views/2017/09/20/creative-ways-students-try-cheat-online-exams"><span>outsmarting the system</span></a><span>. </span></p>
1092 <p class="pull-quote"><span><span>No student should be forced to make the choice to either hand over their biometric data and be surveilled continuously or to fail their class. </span></span></p>
1093 <p><span>Through a series of </span><a href="https://www.theverge.com/2020/4/29/21232777/examity-remote-test-proctoring-online-class-education"><span>privacy-invasive monitoring techniques</span></a><span>, proctoring apps purport to determine whether a student is cheating. Recorded patterns of keystrokes and facial recognition supposedly confirm whether the student signing up for a test is the one taking it; gaze-monitoring or eye-tracking is meant to ensure that students don’t look off-screen too long, where they might have answers written down; microphones and cameras record students’ surroundings, broadcasting them to a proctor, who must ensure that no one else is in the room. Even if these features were successful at rooting out all cheating, which is extremely unlikely, what these tools amount to is compelled mass biometric surveillance of potentially millions of students, whose success will be determined not by correct answers, but </span><a href="https://www.washingtonpost.com/technology/2020/04/01/online-proctoring-college-exams-coronavirus/"><span>by algorithms that decide whether or not their “suspicion” score is too high</span></a><span>. <br /></span></p>
1094 <p><span>Much of this technology is effectively indistinguishable from </span><a href="https://www.wired.com/story/eva-galperin-stalkerware-kaspersky-antivirus/"><span>spyware</span></a><span>, which is malware that is commonly used to track unsuspecting users’ actions on their devices and across the Internet. It also has much in common with “</span><a href="https://www.eff.org/deeplinks/2020/06/inside-invasive-secretive-bossware-tracking-workers"><span>bossware</span></a><span>,” the invasive time-tracking and worker “productivity” software that has grown in popularity during the pandemic. EFF has campaigned against the pervasive use of both of these tools, demanding anti-virus companies recognize spyware more explicitly, and pushing employers to minimize their use of bossware. </span></p>
1095 <p><span>In addition to the invasive gathering of biometric data, proctoring services gather and retain personally identifiable information (PII) on students<span class="ILfuVd"><span class="hgKElc">—</span></span>sometimes through their schools, or by requiring students to input this data in order to register for an account. This can include full name, date of birth, address, phone number, scans of government-issued identity documents, educational institution affiliation, and student ID numbers. Proctoring companies also automatically gather data on student devices, regardless of whether they are school-issued devices or not. These collected logs can include records of operating systems, make and model of the device, as well as device identification numbers, IP addresses, browser type and language settings, software on the device and their versions, ISP, records of URLs visited, and how long students remain on a particular site or webpage. </span></p>
1096 <p><span>The companies retain much of what they gather, too—whether that’s documentation or video of bedroom scans. Some companies, like ProctorU, have </span><a href="https://www.proctoru.com/privacy-policy"><i><span>no time limits</span></i></a><span> on retention. Some of this information they share with third parties. And when student data is provided to the proctoring company by an educational institution, students are often left without a clear way to request that their data be deleted because they aren’t considered the data’s “owner.”</span></p>
1097 <p><span>The leveraging of student data for commercial purposes isn’t the only risk to student privacy<span class="ILfuVd"><span class="hgKElc">—</span></span>as we’ve noted time and time again, gathering vast amounts of data on people is unwise given frequent breaches and subsequent data dumps. ProctorU found that out recently, when </span><a href="https://www.bleepingcomputer.com/news/security/proctoru-confirms-data-breach-after-database-leaked-online/"><span>over 440,000 user records for their proctoring service were leaked</span></a><span> on a hacker forum last month, including “email addresses, full names, addresses, phone numbers, hashed passwords, the affiliated organization, and other information.”</span></p>
1098 <p>Aside from privacy concerns, these tools could easily penalize students who don’t have control over their surroundings, or those with less functional hardware or low-speed Internet. For students who don’t have home Internet access at all, they are locked out of testing altogether. They could also cause havoc for students who already have trouble focusing during tests, either because of a difficulty maintaining “eye contact” with their device, or simply because tests make them nervous. Software that assumes all students take tests the same way — in rooms that they can control, their eyes straight ahead, fingers typing at a routine pace—are undoubtedly leaving some students out. </p>
1099 <p><span>No student should be forced to make the choice to either hand over their biometric data and be surveilled continuously or to fail their class. A solution that requires students to surrender the security of their personal biometric information and give over video of their private spaces is no solution at all. </span></p>
1100 <p><span>Technology has opened up unprecedented opportunities for learning at a distance, and COVID-19 has forced us to use that technology on a scale never seen before. Yet schools must accept that they cannot have complete control of a student's environment when they are at home, nor should they want to. Proctoring apps fall short on multiple fronts: they invade students’ privacy, exacerbate existing inequities in educational outcomes, and can never fully match the control schools are used to enforcing in the test hall.</span></p>
1101 <p><span>Educational institutions will need to adapt fundamentally to distance learning. New technologies and new teaching methods will be a part of that. Perhaps schools will need to reevaluate the need for closed book exams, or use fewer tests overall as compared to project-based assessments. Regardless, they should not rely on invasive proctoring apps to attempt to replace methods that only work in person. Surveillance tech has already crept into many areas of education, with some schools </span><a href="https://www.eff.org/deeplinks/2020/02/schools-are-pushing-boundaries-surveillance-technologies"><span>tracking students’ social media activity</span></a><span>, others requiring students to use technology that </span><a href="https://www.eff.org/issues/student-privacy/faq#-How-well-is-students%E2%80%99-private-personal-data-protected"><span>collects and shares private data</span></a><span> with third-party companies, and others </span><a href="https://www.vox.com/recode/2019/12/20/21028124/schools-facial-recognition-mass-shootings#:~:text=Facial%20recognition%20technology%20compares%20images,admitting%20someone%20into%20an%20area."><span>implementing flawed facial recognition technology</span></a><span> in the name of safety. While there are </span><a href="https://ssd.eff.org/en/module/privacy-students"><span>ways to fight back against some common school surveillance</span></a><span>, it becomes increasingly difficult when that surveillance is directly tied to students’ evaluations and ultimate success. Teachers, parents, and students must not allow remote learning to become remote surveillance.</span></p>
1102 <p><i><span>If you currently have or previously had a user account for ProctorU, check if your account was compromised in this breach at </span></i><a href="https://haveibeenpwned.com/"><i><span>have i been pwned?</span></i></a><i><span> and </span></i><a href="https://ssd.eff.org/en/module/creating-strong-passwords"><i><span>update your password</span></i></a><i><span>.</span></i></p>
1103
1104 </div></div></div></description>
1105 <pubDate>Thu, 20 Aug 2020 19:54:55 +0000</pubDate>
1106 <guid isPermaLink="false">103602 at https://www.eff.org</guid>
1107 <category domain="https://www.eff.org/taxonomy/term/70">Commentary</category>
1108 <category domain="https://www.eff.org/issues/student-privacy">Student Privacy</category>
1109 <dc:creator>Jason Kelley</dc:creator>
1110 <dc:creator>Lindsay Oliver</dc:creator>
1111 <enclosure url="https://www.eff.org/files/banner_library/student-privacy-social.jpg" alt="" type="image/jpeg" length="65337" />
1112 </item>
1113 <item>
1114 <title>EFF Calls on California Gov. Newsom To Mandate Data Privacy Protections for Californians Who Participate in COVID-19 Contact Tracing Programs</title>
1115 <link>https://www.eff.org/press/releases/eff-calls-california-gov-newsom-mandate-data-privacy-protections-californians-who</link>
1116 <description><div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">State, Private Companies Should Limit Data Collection and Retention</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco—The Electronic Frontier Foundation (EFF) called on California Gov. Gavin Newsom and state lawmakers to ensure that all COVID-19 contact tracing programs include enforceable privacy protections that strictly limit how much and what kinds of data can be collected from Californians and prohibits using that data for anything other than reining in the pandemic.<br /><br />More Californians will <a href="https://www.nbcnews.com/news/us-news/california-coronavirus-cases-spike-contact-tracing-stalled-fear-embarrassment-n1235345">feel safe</a> participating in efforts to <a href="https://www.eff.org/deeplinks/2020/05/governments-shouldnt-use-centralized-proximity-tracking-technology">trace transmission of the novel coronavirus</a> if they know their information won’t be used to deport them or build data-rich profiles for data brokers and advertisers, EFF said this week in letters to Newsom and lawmakers. ACLU of California, Oakland Privacy, Media Alliance, Privacy Rights Clearinghouse, and Consumer Reports joined EFF in signing the letters. <br /><br />“The success of contact tracing programs depends on participation by the public,” said EFF Legislative Activist Hayley Tsukayama. “Trust has been <a href="https://www.capradio.org/news/npr/story/?storyid=901064505">an issue</a>—people are demanding protection over their private information. As a national leader in privacy and coronavirus policy-making, California should implement guardrails to prevent unwarranted privacy invasions and engender people’s trust that it’s OK to take part in contact tracing programs.”<br /><br />EFF and its partners urged Newsom and lawmakers to bar the state, and privacy companies and contractors it works with to develop and implement manual and digital contact tracing programs, from collecting, retaining, using, or disclosing data except as necessary and proportionate to control the spread of COVID-19.<br /><br />All contracts and agreements with outside companies should contain language that blocks them from using data for targeted advertising or other commercial purposes and combining participant data with any other data the companies may have. Data should be retained for no more than 30 days.<br /><br />Contact-tracing programs should also be prohibited from discriminating against people on the basis of participation or nonparticipation. No one should be kept out of a workplace, school, or restaurant because they declined to participate in a contact-tracing program, privacy advocates said in the letters.<br /><br />The state is stepping up contact tracing programs, announcing last week that <a href="https://about.kaiserpermanente.org/community-health/news/kaiser-permanente-commits-63m-to-support-contact-tracing-in-california">Kaiser Permanente</a> will donate $63 million to support the state’s work. Under its current contact tracing program, <a href="https://covid19.ca.gov/contact-tracing/">California Connected</a>, public health workers will reach out to people who tested positive for COVID-19 via texts, phone calls, and emails. Those contacted are asked to give their names, ages, places they’ve been, and people they have been in contact with. The program pledges to keep the information confidential.<br /><br />“Two bills currently before the California legislature—A.B. 1782 and A.B. 660—contain the important privacy protections we’re calling for,” said Tsukayama. “Ensuring people’s privacy at this time of uncertainty about our health and safety is the right thing to do. We urge Gov. Newsom to take the necessary steps to make our COVID-19 privacy protections a model for the rest of the country.”<br /><br />For the letter:<br /><a href="https://www.eff.org/document/2020-08-coalition-letter-governorlegislature-contact-tracing-and-privacy">https://www.eff.org/document/2020-08-coalition-letter-governorlegislature-contact-tracing-and-privacy<br /><br /></a>For more about contact tracing and privacy:<br /><a href="https://www.eff.org/deeplinks/2020/08/california-must-recognize-privacy-vital-public-health-efforts">https://www.eff.org/deeplinks/2020/08/california-must-recognize-privacy-vital-public-health-efforts</a></p>
1117
1118 </div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
1119
1120
1121 <div class="">
1122 <div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Hayley</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Tsukayama</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Legislative Activist</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:hayleyt@eff.org">hayleyt@eff.org</a></div></div></div> </div>
1123
1124 </div>
1125
1126 </div></div></div></description>
1127 <pubDate>Thu, 20 Aug 2020 15:17:09 +0000</pubDate>
1128 <guid isPermaLink="false">103601 at https://www.eff.org</guid>
1129 <dc:creator>Karen Gullo</dc:creator>
1130 </item>
1131 <item>
1132 <title>California Must Recognize That Privacy is Vital to Public Health Efforts</title>
1133 <link>https://www.eff.org/deeplinks/2020/08/california-must-recognize-privacy-vital-public-health-efforts</link>
1134 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Californians have a constitutional right to privacy. There is no more important time to protect that right to privacy than during a crisis, such as the current pandemic. That is why EFF, along with the American Civil Liberties Union of California, Media Alliance, Oakland Privacy, Privacy Rights Clearinghouse, and Consumer Reports have <a href="https://www.eff.org/document/2020-08-coalition-letter-governorlegislature-contact-tracing-and-privacy">called on the state’s political leaders</a> to ensure that any program that asks Californians to share contact tracing information have strong privacy guardrails.</p>
1135 <p>Being upfront and honest about what information contact tracing programs collect, how that information is used, and acting from the start to protect against abuses of that information can protect Californians at a vulnerable time. It can also increase trust in public health programs. The evidence is mounting that people <a href="https://www.washingtonpost.com/technology/2020/05/21/care19-dakota-privacy-coronavirus">don’t</a> <a href="https://www.fox13now.com/news/coronavirus/local-coronavirus-news/utah-to-disable-location-tracking-in-healthy-together-covid-19-app/">trust</a>—and therefore do not wish to participate in—programs that have not respected privacy from the start. Our groups call on Governor Gavin Newsom, Senate President pro Tempore Toni Atkins, Assembly Speaker Anthony Rendon, and all members of the California Assembly and Senate to recognize that privacy protections are necessary to public health efforts.</p>
1136 <p>Our coalition asks for the following four, common-sense protections:</p>
1137 <ul>
1138 <li>A data minimization rule that ensures that the information a public or private entity collects actually serves a public health purpose.</li>
1139 <li>A guarantee that any private entity working on a contact tracing program does not use the information for any other purpose—including, but not limited, to commercial purposes.</li>
1140 <li>A prohibition from discriminating against people based on their participation—or nonparticipation—in a contact-tracing program, to protect those who cannot or do not want to participate in a data collection program, and to avoid programs with compulsory participation, which also risks declines in the quality of data.</li>
1141 <li>A strong requirement to purge data from such programs when it is no longer useful—we are asking for a 30-day retention period. We would not, however, object to a narrowly-crafted exception from this data purge rule for a limited amount of aggregated and de-identified demographic data for public health purposes—for the sole purpose of tracking inequities in public health response to the crisis.</li>
1142 </ul>
1143 <p>EFF also believes that the following additional guardrails are necessary for manual and automated contact tracing programs:</p>
1144 <ul>
1145 <li>A <strong><em>ban on location tracing</em></strong> as a part of Tech-Assisted Contact Tracing. Location data (such as GPS and cell site location) is not sufficiently granular to identify whether two people were close enough together to transmit COVID-19. But it is sufficiently precise to show whether a person attended a protest, a worship service, or a hospital appointment. Thus, location tracking invades privacy without advancing public health. It might be possible to use Bluetooth-based proximity data to provide automated exposure notification in a privacy-preserving manner. But such systems must not use location data.</li>
1146 <li>A <strong><em>prohibition against contact tracing by state and local law enforcement</em></strong>. Many people will share less of their personal information if they fear the government will use it against them. This would frustrate containment of the outbreak.<em> <br /></em></li>
1147 <li><strong><em> Effective enforcement</em></strong> of these privacy rights with a private right of action. Every person should be able to act as their own privacy enforcer. Private rights of action are a standard feature of legislation that protects people from governmental and corporate wrongdoing. Violations of privacy regarding contact tracing information should be no different.</li>
1148 </ul>
1149 <p>EFF, along with many other privacy groups, <a href="https://www.eff.org/document/2020-08-14-ab-1782-privacy-groups-support-letter">strongly</a> <a href="https://www.eff.org/document/2020-08-14-ab-660-privacy-groups-support-letter">supports</a> two bills currently in the California legislature—A.B. <a href="https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB1782">1782</a> (Chau/Wicks) and A.B. <a href="https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB660">660</a> (Levine)—that include these and other important protections. We thank those authors for their work, and will continue to work to pass those bills in the legislature.</p>
1150 <p>Respecting privacy can help establish much-needed trust in these programs, which will in turn increase their efficacy in addressing the current public health crisis. It is also simply the right thing to do.</p>
1151
1152 </div></div></div></description>
1153 <pubDate>Wed, 19 Aug 2020 17:07:11 +0000</pubDate>
1154 <guid isPermaLink="false">103598 at https://www.eff.org</guid>
1155 <category domain="https://www.eff.org/issues/privacy">Privacy</category>
1156 <category domain="https://www.eff.org/issues/covid-19">COVID-19 and Digital Rights</category>
1157 <dc:creator>Hayley Tsukayama</dc:creator>
1158 <enclosure url="https://www.eff.org/files/banner_library/california-privacy-1.png" alt="California Privacy" type="image/png" length="17514" />
1159 </item>
1160 <item>
1161 <title>California Governor Newsom's Broadband Plan Lays Important Foundation and Opens Possibilities</title>
1162 <link>https://www.eff.org/deeplinks/2020/08/governor-newsoms-broadband-plan-lays-important-foundation-and-opens-possibilities</link>
1163 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>On August 14, 2020, Governor Gavin Newsom issued an </span><a href="https://www.gov.ca.gov/2020/08/14/38666/"><span>executive order</span></a><span> to establish a state goal of 100 mbps download speeds for all Californians, citing the 2 million Californians who lack access to high-speed broadband today. This announcement is significant, as it firmly illustrates that the state of California believes the federal definition of broadband is no longer sufficient to estimate modern needs. It is completely right in doing so. The federal definition of broadband lost its relevance long ago, and it is </span><a href="https://www.eff.org/deeplinks/2020/07/american-federal-definition-broadband-both-useless-and-harmful"><span>both useless and harmful as a means to measure equality of access</span></a><span>. <br /></span></p>
1164 <p><span>While the governor acknowledged that a 100 mbps download speed does not deliver speeds synonymous with fiber networks, the emphasis on high-speed access holds a lot of overlap with fiber infrastructure. Inherently, any network delivering these types of speeds requires fiber to some degree. If done right, Governor Newsom’s broadband plan could be the stepping stone towards universal fiber that all communities need to embrace to compete in the gigabit era that 21st-century economies are entering. <br /></span></p>
1165 <h3><b>Any Infrastructure Plan Pushing 100 mpbs To All Californians Needs To Have Fiber at Its Core</b></h3>
1166 <p><span>Fiber is the universal medium of 21st-century broadband access. EFF’s engineering analysis found that fiber is </span><a href="https://www.eff.org/wp/case-fiber-home-today-why-fiber-superior-medium-21st-century-broadband"><span>vastly superior</span></a><span> to copper, cable, and wireless last mile options in terms of upper capacity and its future-proofed characteristics. This is why China, the other advanced Asia markets, and the EU have adopted universal fiber infrastructure plans as government policy. And while the United States desperately needs to play catch up, </span><a href="https://www.eff.org/deeplinks/2020/06/house-introduces-universal-fiber-broadband-plan"><span>the House of Representatives recently passed a plan that would effectively deliver a fiber connection to every American household</span></a><span>—showing a growing awareness of the need to build the infrastructure. <br /></span></p>
1167 <p><span>As the legislature and executive branch in California begin to formulate a strategy to deliver 100 mbps download speeds to all Californians, they must avoid efforts to preserve the existence of last century’s legacy providers. There is no future in the copper infrastructure for broadband, in the long run, as major telecommunications companies such as Frontier Communications enter bankruptcy for being too copper-heavy. (And now they want to transition to fiber). Wall Street analysts are warning private investors away from telecommunications providers that </span><a href="https://stopthecap.com/2020/06/03/telcos-without-fiber-to-the-home-service-face-crisis-as-their-market-share-will-erode-to-zero/"><span>aren’t investing into fiber today, </span></a><span>and the state should follow suit for good reason. Speed-capped networks dependent on legacy infrastructure are rapidly approaching obsolescence. They </span><a href="https://www.eff.org/deeplinks/2020/06/why-slow-networks-really-cost-more-fiber"><span>will cost the state more in the long run</span></a><span>, as compared to simply focusing on pushing out fiber as the goal. <br /></span></p>
1168 <p><span>If the Governor’s plan results in a systemic approach to push even a single fiber-optic wire deep into unserved markets, it will be transformative for the California economy—so long as access to that wire is open for follow on users. A single fiber wire can be leveraged by future efforts to extend those fiber wires to homes and businesses, while enabling high-speed wireless services sooner as an interim step. </span></p>
1169 <p><span>To give an example, look no further than the story of </span><a href="https://mimosa.co/case-studies/dillon-beach-internet-lights-up-california-beach-town-with-mimosa"><span>Dillon Beach, CA</span></a><span>. There, 400 residents lacked high-speed access a handful of years ago. But today, they have access to 250 mbps/150 mbps wireless broadband at $50 a month. This happened because a parent who needed to get high-speed Internet to their home for their child’s schoolwork paid AT&amp;T $12,000 to allow him to string one fiber line to his garage. The capacity from a single wire allowed him to launch a startup ISP with off-the-shelf hardware to deliver high-speed broadband to the broader community. </span></p>
1170 <p><span>This type of enabling force makes fiber a critical infrastructure to push to all communities. It is the road towards the 21st-century Internet. And EFF will work to ensure policymakers in Sacramento do not lose track of the end goal of getting everyone on equal 21st-century ready broadband connections.</span></p>
1171
1172 </div></div></div></description>
1173 <pubDate>Tue, 18 Aug 2020 22:08:40 +0000</pubDate>
1174 <guid isPermaLink="false">103591 at https://www.eff.org</guid>
1175 <category domain="https://www.eff.org/taxonomy/term/73">Legislative Analysis</category>
1176 <category domain="https://www.eff.org/issues/competition">Competition</category>
1177 <dc:creator>Ernesto Falcon</dc:creator>
1178 <enclosure url="https://www.eff.org/files/banner_library/fcc-forbearance_banner-f_0.png" alt="" type="image/png" length="62913" />
1179 </item>
1180 <item>
1181 <title>Civil Rights and First Amendment Defenders Urge First Circuit to Require a Warrant for Border Device Searches</title>
1182 <link>https://www.eff.org/deeplinks/2020/08/civil-rights-and-first-amendment-defenders-urge-court-appeals-require-warrant</link>
1183 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Last month, EFF, along with co-counsel ACLU and ACLU of Massachusetts, filed a <a href="https://www.eff.org/document/alasaad-v-wolf-alasaad-principal-and-response-brief-1st-cir-july-31-2020">brief</a> in <a href="https://www.eff.org/cases/alasaad-v-duke"><em>Alasaad v. Wolf</em></a> urging the U.S. Court of Appeals for the First Circuit to require a warrant for searches of electronic devices at the border. In fiscal year 2019, border officers searched <a href="https://www.cbp.gov/newsroom/speeches-and-statements/cbp-statement-border-search-electronic-devices">over 40,000</a> electronic devices, more than an eight-fold increase since 2012. Because of the significant privacy interests that travelers have in the digital data on their devices, we argued that the government’s warrantless, and usually suspicionless, searches and seizures of electronic devices violate the First and Fourth Amendments to the U.S. Constitution.</p>
1184 <p>Seven amicus briefs were filed in support of our position:</p>
1185 <ul>
1186 <li>Advancing Justice - Asian Law Caucus and law firm WilmerHale, on behalf of 24 civil rights organizations including the Council on American Islamic Relations, the Center for Constitutional Rights, and the CLEAR Project, filed an <a href="https://www.eff.org/document/alasaad-v-wolf-brief-amici-curiae-asian-americans-advancing-justice-asian-law-caucus-et-al">amicus brief</a> highlighting how the government’s border search policies disparately target members of the Arab, Middle Eastern, Muslim, and South Asian communities, and that a warrant standard can help curtail discriminatory profiling.</li>
1187 <li>The Constitutional Accountability Center filed an <a href="https://www.eff.org/document/alasaad-v-wolf-brief-constitutional-accountability-center-amicus-curiae-support-plaintiffs">amicus brief</a> discussing how the Fourth Amendment’s protection of personal papers from searches requires border officers to obtain a warrant or, at minimum, have reasonable suspicion before search.</li>
1188 <li>The Yale Media Freedom and Information Access Clinic and law firm Brown Rudnick, on behalf of 18 First Amendment legal scholars, filed an <a href="https://www.eff.org/document/alasaad-v-wolf-brief-floyd-abrams-and-16-other-professors-support-plaintiffs">amicus brief</a> focusing on the privacy dimension of free expression and explained that the First Amendment requires a warrant for border searches of electronic devices.</li>
1189 <li>The Harvard Cyberlaw Clinic, on behalf of the Harvard Immigration and Refugee Clinic, filed an <a href="https://www.eff.org/document/alasaad-v-wolf-brief-amicus-curiae-harvard-immigration-and-refugee-clinic-support">amicus brief</a> arguing that border device searches have profound chilling effects on free speech, which unduly impacts immigrant communities.</li>
1190 <li>The Knight First Amendment Institute at Columbia University, the Reporters Committee for Freedom of the Press, and 12 media organizations filed an <a href="https://www.eff.org/document/alasaad-v-wolf-brief-amici-curiae-knight-first-amendment-institute-columbia-university">amicus brief</a> that underscored the implications of electronic device searches at the border on the rights of journalists, and argued that a warrant is necessary under the First and Fourth Amendments.</li>
1191 <li>The National Association of Criminal Defense Lawyers filed an <a href="https://www.eff.org/document/alasaad-v-wolf-corrected-brief-amicus-curiae-national-association-criminal-defense-lawyers">amicus brief</a> highlighting the impact of border device searches on criminal defense attorneys who often carry sensitive information relating to clients, and argued that a warrant is necessary under the Fourth and Sixth Amendments.</li>
1192 <li>Law firm Covington &amp; Burling, on behalf of the Center for Democracy and Technology, Brennan Center for Justice, R Street Institute, and TechFreedom, filed an <a href="https://www.eff.org/document/alasaad-v-wolf-corrected-brief-center-democracy-technology-brennan-center-justice-r-street">amicus brief</a> focusing on the intrusiveness of so-called “basic” searches and argued that the Fourth Amendment requires a warrant, or at least reasonable suspicion, for border searches of electronic devices.</li>
1193 </ul>
1194 <p>EFF, ACLU, and ACLU of Massachusetts originally filed this lawsuit in September 2017 on behalf of <a href="https://www.eff.org/pages/alasaad-vs-duke-bios">11 travelers</a>, 10 U.S. citizens and one permanent resident, who have all suffered warrantless, suspicionless device searches due to the government’s policies.</p>
1195 <p>In November 2019, the district court <a href="https://www.eff.org/document/alasaad-v-nielsen-summary-judgment-order">ruled</a> that border officers must have reasonable suspicion that a device contains digital contraband for any search of the device’s digital content. As part of this ruling, the district court concluded that <a href="https://www.eff.org/deeplinks/2019/11/federal-judge-issues-historic-opinion-digital-privacy-border">wholly suspicionless</a> device searches at the border are unconstitutional. The government appealed on this issue, and we cross-appealed on the issue of whether border device searches actually require a warrant.</p>
1196 <p>We are proud to see a diverse array of organizations and individuals who have filed briefs to support a warrant standard for border searches of electronic devices. We anticipate that the First Circuit will hear our case later this year or in early 2021.</p>
1197
1198 </div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/cases/alasaad-v-duke">Alasaad v. McAleenan</a></div></div></div></description>
1199 <pubDate>Tue, 18 Aug 2020 20:31:08 +0000</pubDate>
1200 <guid isPermaLink="false">103587 at https://www.eff.org</guid>
1201 <category domain="https://www.eff.org/taxonomy/term/72">Legal Analysis</category>
1202 <category domain="https://www.eff.org/issues/border-searches">Border Searches</category>
1203 <dc:creator>Saira Hussain</dc:creator>
1204 <dc:creator>Adam Schwartz</dc:creator>
1205 <dc:creator>Sophia Cope</dc:creator>
1206 </item>
1207 <item>
1208 <title>Future Ada: Tech Organizing Through an Intersectional Lens</title>
1209 <link>https://www.eff.org/deeplinks/2020/08/future-ada-tech-organizing-through-intersectional-lens</link>
1210 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span><a href="https://findingada.com/shop/a-passion-for-science-stories-of-discovery-and-invention/ada-lovelace-victorian-computing-visionary/">Ada</a><a href="https://findingada.com/shop/a-passion-for-science-stories-of-discovery-and-invention/ada-lovelace-victorian-computing-visionary/"> Lovelace</a>'s work on the first analytical engine helped lay the path for our modern world and continues to serve as an inspiration to people worldwide, including <a href="http://eff.org/fight">Electronic Frontier Alliance</a> member <a href="https://futureada.org/">Future Ada</a>. </span></p>
1211 <p>Based in Spokane, WA, Future Ada was founded in 2017 to advance opportunities and support for underrepresented genders in science, technology, engineering, art, and mathematics. That same year, <span><a href="https://www.forbes.com/sites/ellevate/2017/09/14/why-we-need-gender-equity-now/">Forbes</a> noted that closing the gender gap could increase U.S. Gross Domestic Product by two trillion dollars, yet work environments in many of these fields are so hostile to women that over fifty-percent will leave the sector as a result.</span></p>
1212 <p class="pull-quote"><span>"Just because you're not a master at your skill or you don't have something published in your name, doesn't mean you can't bring something to your field."</span></p>
1213 <p>Since their launch, Future Ada has grown into the understanding that establishing a genuinely representative sector requires an intersectional approach, and that creating inclusive spaces, where individuals from all diverse backgrounds want to be, is key to that mission. In the days leading up to our recent collaboration on panels at this year's <span><a href="https://archive.org/details/hopeconf2020/20200726_1300_Meet_the_EFA.mp4">HOPE</a> and <a href="https://www.twitch.tv/videos/704718224?filter=archives&amp;sort=time">DEF CON</a> conferences, I spoke with Rebecca Long and Emilie St-Pierre—respectively Future Ada's founder and Security Ambassador—to find out what they've learned since the group’s founding, and how they have adapted to the needs of their community and this unprecedented moment.</span></p>
1214 <p><span></span><strong><span>How did the idea for Future Ada come about? What inspired it and what were some of the first steps you took toward making it a real thing?</span></strong></p>
1215 <blockquote><p><strong><span>Rebecca:<br /></span></strong><span>In 2017, I was really struggling with my career. As a woman in tech, I was dealing with some discrimination and sexism in my own career, and I wasn't feeling supported by the leadership in my company. Honestly, I was feeling like I should quit all of tech. I felt like, ‘nobody wants me here, I don't feel welcome, and the messages that I'm getting are that I am not good enough to be here—and no one wants to help me improve to meet whatever mysterious gap that no one will disclose, then maybe I should just go do something else.’ Thankfully, I ended up going to a conference called <a href="https://www.writespeakcode.com/">Write/Speak/Code</a> that happened to be nearby in Portland that year. I went with another woman on my team who's a developer. At this woman- and non-binary-specific tech conference, they had everyone divide up into two groups. One was for the people who were newer in their careers, and one who was for people who were further along. I ended up in that [second] group. </span></p>
1216 <p><span>Throughout the week, we had to come up with projects and talk about them. At first, I didn’t know what to do. Then I got a text message from an old boss—also a woman—and she was expressing the same feelings. That’s when I got mad. I felt like, ‘maybe <em>I</em> don't belong here, but I'm sorry, I know for a fact that you belong here because you're awesome.’ I thought, what kind of nonsense is this that we're both feeling like we're being driven out of tech? I have a ton of experience—over a decade of experience at that point—and she had even more than me. I felt, ‘we're well trained and we have every right to be here.’ So, I channeled that into this project at the conference. I decided I was going to create a nonprofit. </span></p>
1217 <p><span>I was already running a user group called Spokane Geek Girls and active in the community. I had already been feeling like there was more I wanted to do to help people that were coming to me for mentoring, and help, and feeling similar to me. I had this idea of a nonprofit that would be what I’d need. But, I also felt like ‘no, I don't know how to do that. I have no idea how to start a non-profit or run an organization. That's just a ridiculous idea.’ But it was at this conference I decided, nope, that's not a ridiculous idea. This is really important and I'm going to find out how to do it. So, I bothered all of the organizers of this conference to tell me everything they knew. How do I do this? </span></p>
1218 <p><span>I made some friends and they helped me develop our original mission statement and our name. They were all wonderful soundboards for me. There hadn’t been anything like this in Spokane. I just tried to channel all of my anger at the industry for lack of support and all that I'd been experiencing. I thought ‘we need to do better. We need to channel that into positive energy, and I want to help other people.’ It helps me to help other people and I know other people are in similar states. Maybe they don't feel comfortable speaking up, or maybe they just haven't woken up to what's going on around them. Maybe they don't understand why they're never getting that promotion or why they're not getting these career opportunities. </span></p>
1219 </blockquote>
1220 <p><span></span><span></span><strong><span>It sounds like maybe that conference was an awakening moment for you in the way that you and other women were experiencing Imposter Syndrome. Are there any tools or strategies that you've been able to use that help women identify that that's what they're feeling and overcome that?</span></strong></p>
1221 <blockquote><p><span></span><strong><span>Rebecca:<br /></span></strong><span>Every speaker—and these are folks who are accomplished, wrote books, high-level management—and they're like ‘I also feel this way.’ And it was just like, ‘what!?” That's incredible. At some level, I'd always known that. But I think hearing it, and hearing it again, and hearing everyone share their stories, that was most powerful for me. Because you feel that you aren’t good enough right now, that doesn't mean that you actually aren't good enough. It's a facade that society or various things are trying to tell you and convince you of. </span></p>
1222 <p><span>Hearing other people, who are very successful, talk about that kind of stuff, and share their stories and how they work through it—even if it's ‘I just powered through,’ that’s been really helpful for me. </span></p>
1223 <p><span>I try and speak about this stuff and be open with my own experiences with people, and help others know that it's okay if you are also feeling this way. That doesn't mean that you have to stop. That doesn't mean that you don't belong here. It doesn't mean that you don't deserve a promotion or that nice salary or whatever your dream job is. You can still make an impact.</span></p>
1224 <p><span>In the last few years, I’ve been picking up the storytelling mantra as a tool. I want to highlight other people's stories and give people a platform, so they feel safe to talk to me about their story and I can share, with them, my story. </span></p>
1225 <p><span>One of the other things that, thankfully, Emilie was able to bring was an emphasis on security. Security has always been a passion of mine but it's always been on the side, because it's not really my main job. So, I've been really happy Emilie's been able to help bring some of that to our organization with our open office hours and with our security workshops. To really make these things approachable for the whole community. We want everyone to feel like technology and all of these things are safe, and you can do it. You don't have to be some math genius to do any of this stuff.</span></p>
1226 </blockquote>
1227 <p><span></span><span></span><strong><span>Emilie, have you had any experiences with Imposter Syndrome or starting to buy into folks devaluing your work or your contribution?</span></strong></p>
1228 <blockquote><p><strong><span>Emilie:<br /></span></strong><span>Yeah, fully. To this day it comes and goes. I have to say, sometimes it’ll come back in moments where I'm going through something hard at work. But I definitely had Imposter Syndrome when I was new to the security industry. I'd hang out at conferences like <a href="https://defcon.org/">DEF CON</a> when I was still new. I was learning a lot, but even though I had some skills, I constantly compared myself to the security researchers that had found vulnerabilities. These people that were presenting at these conferences, I was like ‘well, I don't have something like that to bring to the table’ so I just figured I wouldn't belong. But just because you're not a master at your skill or you don't have something published in your name, doesn't mean you can't bring something to your field. I think it took me a while to realize that. Later on, training people that were new to the field helped me realize that. ‘Oh, I can easily tell this person what <em>they</em> can bring to the field so why is it harder to say that to myself?’ I've gotten better with that over time, but it's very relatable.</span></p>
1229 </blockquote>
1230 <p><span></span><span></span><strong><span>The name Future Ada, I imagine it's an ode to Ada Lovelace, but can you talk a little bit about how you arrived at that name?</span></strong></p>
1231 <blockquote><p><span></span><strong><span>Rebecca:<br /></span></strong><span>Yeah, it is totally in honor of Ada Lovelace. I find her very inspiring. Our whole computer industry is thanks to her. We have a tendency—over history—to erase certain people from their contributions. She was one of them. Having her as part of our name, I get to talk about her. I can say, ‘hey did you know that computer science, the whole reason we have technology, is thanks to a woman? Did you know that?’ That's been really awesome.</span></p>
1232 <p><span>I want our organization to help create future Ada Lovelaces. Ada Lovelaces of today, of tomorrow, of the next day. Our next generation. Where we're inspiring folks to go out there and break those molds. Because she definitely broke molds back in her day. That's what we need to be doing. That's how you get really awesome things and you can change the world. That's what we were going for when I came up with the name.</span></p>
1233 </blockquote>
1234 <p><span></span><span></span><strong><span>How did you find Future Ada, Emilie? </span></strong></p>
1235 <blockquote><p><span></span><strong><span>Emilie:<br /></span></strong><span>Thanks to the <a href="https://www.dianainitiative.org/">Diana Initiative</a>, which is a small conference that tags alongside others during hacker summer camp. So, DEF CON, <a href="https://defcon.org/">Blackhat</a>, and <a href="https://www.bsideslv.org/">B-Sides Las Vegas</a>. I had just moved to Spokane, and I had already been doing these workshops over in Las Vegas about security and privacy, and had been hosting crypto parties, and I wanted that to continue in Spokane. But, Spokane is different. There wasn't a hackerspace that was open weekly. So, I just focused on seeing what I could do with other folks. When I saw that Rebecca was speaking at the Diana Initiative and it said she was from Spokane, I was so excited. I went to see her talk, and then after the talk let her know I was also from Spokane and that I’d love to do something together. I told her that I’d been doing these workshops and was looking to bring them. She was super receptive and very welcoming. Since then we’ve been doing these workshops. Learning as we go along. Now we get to offer them online, which is really cool. So, yeah, it's been fun to see our partnership grow and where we took it from there.</span></p>
1236 </blockquote>
1237 <p><span></span><span></span><strong><span>What are some of the biggest challenges that you faced creating the group and finding the right people?</span></strong></p>
1238 <blockquote><p><span></span><strong><span>Rebecca:<br /></span></strong><span>Maybe I shouldn't have been surprised, but I was surprised that I had people coming to me. I was trying to keep it kind of on the D.L. that I was doing this until I had it really formulated, but word started getting out, and people were saying ‘I want in on this,’ ‘I want to be on your board,’ ‘let me help you.’ That was really inspiring.</span></p>
1239 <p><span>Challenges? I'm not a marketing person, that's not my specialty. We don't really have anyone on our board that's a marketing expert. So we learned a lot on that end. I feel like we're learning a lot by doing things wrong. Not wrong, but not very effectively. We think ‘this will work great’. And it works, sort of, but we want to have a bigger reach. Learning more marketing will help us on that front but that takes time. It is a challenge.</span></p>
1240 <p><span>We want to be really careful with what we do. We want to make sure that when we expand our board, that we're bringing in the right people. That we’re really mindful about that. We’re also aware of our 100% white board. As we work to expand our board, and organization leadership, we are being mindful to diversify ourselves and bring in better racial perspectives. We are working as an organization to learn how to grow and best speak on the topic of race and injustice. It's a process and it's important so we aren't shying away from it.</span></p>
1241 </blockquote>
1242 <p><span></span><span></span><strong><span>Are there any other challenges that you didn't anticipate?</span></strong><span></span></p>
1243 <blockquote><p><strong><span>Emilie:<br /></span></strong><span>Creating the workshops and letting people know that we are available to help them. We spend time creating these workshops. We spend the time to get volunteers to come to workshops and be there to help folks. I thought our biggest challenge would have been managing the demand, because we literally offer free tech support—and privacy and security support—but it's actually been very easy to do that. We have open hours for folks that we want to help, but we're obviously not reaching as far as we can. For me, marketing is like an alien planet. My background is really privacy and security. I think that's the challenge I've never faced before. And definitely the hardest one from my end.</span></p>
1244 <p><span></span><strong><span>Rebecca:<br /></span></strong><span>We've had some really successful programs. We ran <a href="https://www.facebook.com/MarchForScienceSpokane">March for Science</a> last year in Spokane. It was great. It was kind of a last minute thing. We came in to help as the new parent organization, and it was super successful. We had a huge turnout but that was one event. A one-day thing. And, then we've had other one-day events that have been really successful. But then our recurring workshops aren’t even an hour and we have low turnout. We haven't unlocked that piece yet. </span></p>
1245 <p><span>Since moving online because of the pandemic, we've seen higher participation in our workshops, and I feel like we're going to have higher participation across the board. So, we're working to transition everything. Next year when we restart some of our year-long programs, they'll be online or a majority online. Maybe part of our problem is that Spokane is a little different and folks have different priorities, but attending something from home, where they don't have to worry about travel or parking, I think that kind of helps avoid it and it's less of a dent in their day. I'm really hopeful that this actually can be a really positive thing for our organization. and that it also expands our reach outside of Spokane. Anyone can participate. Which is really cool because it helps broaden our reach.</span></p>
1246 </blockquote>
1247 <p><span></span><span></span><strong><span>Are there any other partnerships in your area that you’ve found to be effective partnerships?</span></strong></p>
1248 <blockquote><p><span></span><strong><span>Rebecca:<br /></span></strong><span>Emilie’s been working with <a href="https://www.voa.org/">Volunteers of America</a>. </span></p>
1249 <p><span></span><strong><span>Emilie:<br /></span></strong><span>Yes. With <a href="https://www.voaspokane.org/crosswalk">Crosswalk</a>. We teach teenagers about privacy and security. Online privacy and security. We've even done some introductory cryptography stuff. I'm very big on making sure that it's something fun. It’s a puzzle. We actually use some of EFF’s crypto tools for that. At the end of the workshop I told our participants ‘did you know that crypto is math and you just did math?’ They thought it was really fun and really cool. For kids that are maybe told that they're not good at math, or are uncomfortable with the idea of math, after that they realize that there's all sorts of ways to look at math. That's a big partnership for us. </span></p>
1250 <p><span></span><strong><span>Rebecca:<br /></span></strong><span>There's another nonprofit in Spokane, that is more of a general tech nonprofit called Inland Northwest Technologists (<a href="https://inlandnorthwest.tech/">INT</a>). Our original Vice President came from that organization. He had brought to Spokane, with INT, this event called <a href="https://codeinthedarkspokane.com/">Code in the Dark</a>. The last two times that event has been held in Spokane, it's been a partnership between that organization and ours. We bring in more of a diversity, and really work to help and make sure it’s an inclusive space. The first few years they ran it, it was nearly all men that were participating. Only men were in the top three winners. October of last year, the last time we held it, was the first time we had a woman win the competition. It was amazing. </span></p>
1251 <p><span>We have been trying to work with the <a href="https://ywcaspokane.org/">YWCA in Spokane</a>, to help bring some of these security principles and privacy principles to their domestic violence survivors. Emily and I are very passionate about that and we want to be supporting this group of our community. We know the YWCA has been very busy. Just in general. So getting the momentum to really get that partnership off the ground has been a little slow. We're still hopeful. We're not going to give up on it anytime soon. </span></p>
1252 <p><span></span><strong><span>Emilie:<br /></span></strong><span>We are already available for service for survivors. When we have our open office hours on Saturdays we are ready to accept survivors. We have a clinical approach to detect compromise. So, we can accept anyone that is in that situation and help them navigate their technology or help them navigate compromises or any kind of stalkerware, spyware. We are ready to do that already. </span></p>
1253 <p><span>I think switching to online has been wonderful for certain aspects of what we offer. The workshops are available to a larger population, and more accessible in some ways. My only concern is office hours. We would typically do them downtown at the <a href="https://www.spokanelibrary.org/">Spokane Library</a>. This also gave us the opportunity to help homeless folks. We had a few people come in that don't have a computer at home. Don't have a home. How do you make sure that you're helping that population? So that’s something that, when things start to open up, we'll definitely want to make sure that we're not overlooking certain segments of the population that we might be able to help. We said we're going to focus on being very online but not 100% online, because we don't want to miss those folks that we might be able to better serve that way.</span></p>
1254 </blockquote>
1255 <p><span></span><span></span><strong><span>No two communities are exactly the same. That’s one of the reasons it’s so critical to have groups like Future Ada that are rooted in and can adapt to the needs of their city or town. What are you finding are the core needs of your community? Is it different from what your original expectations were?</span></strong></p>
1256 <blockquote><p><span></span><strong><span>Rebecca: <br /></span></strong><span>My original intention was really limited. The organization was focused on gender diversity. I thought we would just focus in on that. What I've found is you can't really solve that problem without taking an intersectional approach. If you care about women in tech, then great, you're gonna need to have an inclusive environment. Hey, you know what? That also helps all these other people. So, really, focusing on shifting our mindset to be inclusive and approachable really helps everybody. That's been kind of a shift for me that I guess I was a little surprised with, but I'm really happy that we've made this turn. I'm also learning how many people in our community could use more basic support. Not necessarily learning how to program, but ‘how do I fix this on my browser?’ Really turning folks from being afraid of technology to helping them feel that they can do this. That's been a little surprising to me, but I'm really happy that that's something that we can help with. Wherever the community is, that's where we want to be to help lift everybody up. </span></p>
1257 </blockquote>
1258 <p><span></span><span></span><strong><span>What is Future Ada’s decision-making process like? What are the voices that are involved? How do you work together to come to a shared path?</span></strong></p>
1259 <blockquote><p><span></span><strong><span>Rebecca:<br /></span></strong><span>We have different committees. Anything security or privacy related, Emilie is in charge of that. So, anything she says we're probably just gonna back it. We have our career mentoring committee. One of our other board members is responsible for that. It’s the same thing, whoever is responsible for a committee we've entrusted them with leading that and reporting back anything that seems more pivotal or in need of a larger decision. But, generally speaking we meet once a month as a board, and we discuss things on a regular basis. I think we're all pretty much in alignment. We're also still a really small group, board wise, and our committees are still pretty small. Once we get bigger we're gonna need a more formal process, but at the moment we're all pretty well in sync, I think. Emilie, what do you think? </span></p>
1260 <p><span></span><strong><span>Emilie:<br /></span></strong><span>I was smiling when nash asked that question, because I was like ‘how do we come to decisions?’ Well, first we share all of our cats and cat videos during our meeting. And once we've done that, then we start really having these discussions. But what I like is that everyone is very very receptive and generally considers everyone's point of view and opinion really well. It's been a really nice dynamic, and I think it has a lot to do with, you know, starting the meeting off with cat memes and showing off our real cats, if we can. It makes a big difference.</span></p>
1261 </blockquote>
1262 <p>Future Ada’s work to lift up and support Spokane women in STEAM has extended far beyond their local area, while still being focused on the needs of their own community. As members of the Electronic Frontier Alliance they have been instrumental in contributing to the development of related work for allied groups throughout the U.S.</p>
1263 <p>If you are a member of a community or student-led group in your area working to protect digital security, free expression, privacy, creativity and access to knowledge, consider joining the <a href="http://eff.org/fight">Electronic Frontier Alliance.</a></p>
1264
1265 </div></div></div></description>
1266 <pubDate>Tue, 18 Aug 2020 16:30:29 +0000</pubDate>
1267 <guid isPermaLink="false">103585 at https://www.eff.org</guid>
1268 <category domain="https://www.eff.org/issues/security-education">Security Education</category>
1269 <category domain="https://www.eff.org/fight">Electronic Frontier Alliance</category>
1270 <dc:creator>Nathan Sheard</dc:creator>
1271 <enclosure url="https://www.eff.org/files/banner_library/future-ada-1.jpg" alt="Artist depiction of Ada Lovelace framed by a circle with the text reading &#039;futureada.org&#039;." type="image/jpeg" length="115448" />
1272 </item>
1273 <item>
1274 <title>Article 17: Germany Shows Creativity, but EFF Wants More</title>
1275 <link>https://www.eff.org/deeplinks/2020/08/article-17-germany-shows-creativity-eff-wants-more</link>
1276 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The implementation of Art 17 (formerly Article 13) into national laws will have a profound effect on what users can say and share online. The controversial rule, part of the EU’s <a href="https://www.eff.org/deeplinks/2019/03/european-copyright-directive-what-it-and-why-has-it-drawn-more-controversy-any">copyright directive</a> approved last year, has the potential to turn tech companies and online services operators into copyright police. It is now up to national Member States to implement the directive and to ensure that user rights and freedom of speech is giving priority over notoriously inaccurate filtering and harmful monitoring of user content.</p>
1277 <p><a href="https://www.eff.org/deeplinks/2020/06/dutch-law-proposes-wholesale-jettisoning-human-rights-considerations-copyright">The initial forays into transposition were catastrophic</a>. Both France and the Netherlands have failed to present a balanced copyright implementation proposal. Now, the Germany government presented launched a <a href="https://www.bmjv.de/SharedDocs/Gesetzgebungsverfahren/DE/Gesetz_II_Anpassung-Urheberrecht-dig-Binnenmarkt.html?nn=6712350">public consultation</a> on a draft bill to implement the EU copyright directive. The draft takes a step in the right direction. Options for users to pre-flag uploads as "authorized" and exceptions for every day uses are a clear added value from a user perspective. However, in its current shape, the draft fails to adequately protect user rights and freedom of expression. It seems inevitable that service providers will use content recognition technologies to monitor all user uploads and privacy rights are not considered at all. </p>
1278 <p>We have therefore recently submitted <a href="https://www.eff.org/document/eff-opinion-ger-implementation-art-17-c-dsm">comments to the German government</a> with recommendations of how to improve the current version. Our message is clear: have the interest of users and freedom of speech in mind rather than solidifying the dominance of big tech platforms that already exist.</p>
1279 <div class="page" title="Page 2">
1280 <div class="layoutArea">
1281 <div class="column">
1282 <p><span> </span></p>
1283 </div>
1284 </div>
1285 </div>
1286
1287 </div></div></div></description>
1288 <pubDate>Tue, 18 Aug 2020 13:56:54 +0000</pubDate>
1289 <guid isPermaLink="false">103564 at https://www.eff.org</guid>
1290 <category domain="https://www.eff.org/issues/article-13">Article 13</category>
1291 <category domain="https://www.eff.org/issues/eu-policy">EU Policy</category>
1292 <dc:creator>Christoph Schmon</dc:creator>
1293 <enclosure url="https://www.eff.org/files/banner_library/og-copyrightbot-hd_0.png_0.jpg" alt="" type="image/jpeg" length="232160" />
1294 </item>
1295 <item>
1296 <title>An Open Letter to the Government of South Africa on the Need to Protect Human Rights in Copyright</title>
1297 <link>https://www.eff.org/deeplinks/2020/08/open-letter-government-south-africa-need-protect-human-rights-copyright</link>
1298 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Five years ago, South Africa <a href="https://www.eff.org/deeplinks/2015/08/south-african-copyright-review-overdue-pioneering-and-parts-completely-absurd">embarked upon a long-overdue overhaul of its copyright system</a>, and, as part of that process, the country incorporated some of the <em>best</em> elements of both U.S. and European copyright.</p>
1299 <p>From the U.S.A., South Africa imported the flexible idea of <a href="https://www.eff.org/issues/intellectual-property">fair use</a> -- a set of tests for when it's okay to use others' copyrighted work without permission. From the E.U., South Africa imported the idea of specific, enumerated exemptions for libraries, galleries, archives, museums, and researchers.</p>
1300 <p>Both systems are important for preserving core human rights, including free expression, privacy, education, and access to knowledge; as well as important cultural and economic priorities such as the ability to build U.S.- and European-style industries that rely on flexibilities in copyright.</p>
1301 <p>Taken together, the two systems are even better: the European system of enumerated exemptions gives a bedrock of certainty on which South Africans can stand, knowing for sure that they are legally permitted to make those uses. The U.S. system, meanwhile, future-proofs these exemptions by giving courts a framework with which to evaluate new uses involving technologies and practices that do not yet exist.</p>
1302 <p>But as important as these systems are, and as effective as they'd be in combination, powerful rightsholder lobbies insisted that they should not be incorporated in South African law. Incredibly, the U.S. Trade Representative <a href="https://www.keionline.org/32804">objected to elements of the South African law that were nearly identical to U.S. copyright</a>, arguing that the freedoms Americans take for granted should not be enjoyed by South Africans.</p>
1303 <p>Last week, South African President Cyril Ramaphosa alarmed human rights N.G.O.s and the digital rights community when he returned the draft copyright law to Parliament, striking out both the E.U.- and U.S.-style limitations and exceptions, arguing that they violated South Africa's international obligations under the Berne Convention, which is incorporated into other agreements such as the WTO's TRIPS Agreement and the WIPO Copyright Treaty.</p>
1304 <p>President Ramaphosa has been misinformed. The copyright limitations and exceptions under consideration in South Africa are both lawful under international treaties and important to the human rights, cultural freedom, economic development, national sovereignty and self-determination of the South African nation, the South African people, and South African industry.</p>
1305 <p>Today, EFF sent an <a href="https://www.eff.org/files/2020/08/17/south_africa_copyright_intervetion_by_electronic_frontier_foundation.pdf">open letter</a> to The Honourable Ms. Thabi Modise, Speaker of South Africa's National Assembly; His Excellency Mr. Cyril Ramaphosa, President of South Africa; Ms. Inze Neethling, Personal Assistant to Minister E. Patel, South African Department of Trade, Industry and Competition; and The Honourable Mr. Andre Hermans, Secretary of the Portfolio Committee on Trade and Industry of the Parliament of South Africa.</p>
1306 <p>In our letter, we set out the legal basis for the U.S. fair use system's compliance with international law, and the urgency of balancing South African copyright with limitations and exceptions that preserve the public interest.</p>
1307 <p>This is an urgent matter. EFF is proud to partner with NGOs in South Africa and around the world in advocating for the public's rights in copyright.</p>
1308
1309 </div></div></div></description>
1310 <pubDate>Tue, 18 Aug 2020 12:24:41 +0000</pubDate>
1311 <guid isPermaLink="false">103584 at https://www.eff.org</guid>
1312 <category domain="https://www.eff.org/taxonomy/term/70">Commentary</category>
1313 <category domain="https://www.eff.org/issues/international">International</category>
1314 <category domain="https://www.eff.org/issues/intellectual-property">Fair Use</category>
1315 <dc:creator>Cory Doctorow</dc:creator>
1316 <enclosure url="https://www.eff.org/files/banner_library/copyright-orange_0.png" alt="Copyright Symbol" type="image/png" length="31474" />
1317 </item>
1318 <item>
1319 <title>No to Expanded HHS Surveillance of COVID-19 Patients</title>
1320 <link>https://www.eff.org/deeplinks/2020/08/no-expanded-hhs-surveillance-covid-19-patients</link>
1321 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The federal government plans to process more of our personal data, in the name of containing COVID-19, but without showing that this serious privacy intrusion would actually do anything to protect public health. EFF filed comments in <span><a href="https://www.eff.org/document/2020-08-17-eff-comments-re-hhs-regs-re-covid-data">opposition</a></span> to these new plans from the U.S. Department of Health and Human Services (HHS).</p>
1322 <p>The U.S. Centers for Disease Control (CDC) leads our nation’s efforts to contain infectious diseases. Thus, CDC for decades has <a href="https://www.cdc.gov/nhsn/about-nhsn/index.html">managed</a> the federal government’s processing of personal data about infection. It <a href="https://www.cms.gov/files/document/32920-hospital-letter-vice-president-pence.pdf">did so</a> during the early months of the COVID-19 outbreak. But in July 2020, HHS <a href="https://www.nytimes.com/2020/07/14/us/politics/trump-cdc-coronavirus.html">stripped</a> this tracking authority from the CDC, and transferred it to a new program called “<a href="https://www.hhs.gov/sites/default/files/covid-19-faqs-hospitals-hospital-laboratory-acute-care-facility-data-reporting.pdf">HHS Protect</a>.”</p>
1323 <p>HHS issued <a href="https://www.federalregister.gov/documents/2020/07/20/2020-15564/privacy-act-of-1974-system-of-records">two</a> <a href="https://www.federalregister.gov/documents/2020/07/16/2020-15380/privacy-act-of-1974-system-of-records">new</a> Systems of Records Notices (SORNs) about this new HHS program. The federal <a href="https://www.justice.gov/opcl/privacy-act-1974">Privacy Act</a> requires federal agencies to issue <a href="https://www.hhs.gov/foia/privacy/sorns/index.html">SORNs</a> to advise people about personally identifiable information that the government maintains about them.</p>
1324 <p>Unfortunately, HHS Protect poses a grave threat to the data privacy of all Americans. As set forth in the SORNs, it would greatly expand how the federal government collects, uses, maintains, and shares all manner of personal information. We highlighted the following ways that HHS Protect would substantially burden privacy without a necessary or proportionate benefit to protecting public health.</p>
1325 <p><strong><em>New data collection</em></strong>. The SORNs would allow collection of personal information about physical and psychological health history, drug and alcohol use, diet, employment, and more. Data collected would also include “geospatial records,” which countless <a href="https://www.fastcompany.com/90278465/sorry-your-data-can-still-be-identified-even-its-anonymized">research</a> has shown is difficult to de-identify. Data would be collected not just about people who test positive, but also about their family members, as well as people who test negative, and perhaps people who have not tested at all. Data would be collected from countless different sources, including federal, state, and local governments, their contractors, the healthcare industry, and patients’ family members.</p>
1326 <p><strong><em>New data sharing</em></strong>. The SORNs would allow sharing of these vast sets of data with additional federal agencies, unspecified outside contractors, and even “student volunteers.” These additional federal agencies would be allowed, in turn, to share the data with their contractors. Patient consent would not be required for this sharing.</p>
1327 <p><strong><em>New data use</em></strong>. The SORNs would allow use of this data in litigation and “other proceedings” whenever the federal government has “an interest” in them (such use now is allowed only when HHS is a defendant in litigation).</p>
1328 <p><strong><em>New data storing</em></strong>. The SORNs would allow permanent retention of data with “significant historical and/or research value” (retention now is limited to four years).</p>
1329 <p>No doubt, the ongoing COVID-19 crisis requires a coordinated governmental response, which in turn requires robust data concerning the spread of the disease. But HHS has made no showing that CDC’s existing epidemiological data systems are not up to the task.</p>
1330 <p>Thus, EFF filed <span><a href="https://www.eff.org/document/2020-08-17-eff-comments-re-hhs-regs-re-covid-data">comments</a></span> with HHS, asking the agency to withdraw these two SORNs. They violate the Privacy Act and create new threats to privacy without any showing of public health benefit.</p>
1331
1332 </div></div></div></description>
1333 <pubDate>Mon, 17 Aug 2020 20:50:57 +0000</pubDate>
1334 <guid isPermaLink="false">103578 at https://www.eff.org</guid>
1335 <category domain="https://www.eff.org/issues/privacy">Privacy</category>
1336 <category domain="https://www.eff.org/issues/covid-19">COVID-19 and Digital Rights</category>
1337 <category domain="https://www.eff.org/issues/medical-privacy">Medical Privacy</category>
1338 <dc:creator>Adam Schwartz</dc:creator>
1339 <enclosure url="https://www.eff.org/files/banner_library/medical-privacy.png" alt="" type="image/png" length="26686" />
1340 </item>
1341 <item>
1342 <title>Personal Telco Project: A Case Study in Community Connectivity</title>
1343 <link>https://www.eff.org/deeplinks/2020/08/personal-telco-project-case-study-community-connectivity</link>
1344 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The necessity to work from home as a result of the COVID-19 outbreak has highlighted the need for fast, reliable and affordable broadband internet. It is indisputable: access to the internet is essential. There has long been an acknowledgment that the connectivity <a href="https://www.eff.org/deeplinks/2020/03/social-distancing-digital-divide-and-fixing-going-forward">disparity in America is only serving to widen the income gap</a>. However, before the term ‘digital divide’ was coined a small group in Portland, Oregon set about addressing the shortcomings in connectivity that their community faced.<br /><br />For the past twenty years, the <a href="https://personaltelco.net/wiki">Personal Telco Project</a> (PTP) has been creating a network in Portland using a <a href="https://www.linksys.com/us/r/resource-center/whole-home-mesh-wifi/">mesh system</a>, whereby homes and businesses (hosts) would use their existing internet connection as a ‘node’, making Wi-Fi connections available to the public. As participation in the network grew, the speed and coverage of this network improved.<br /><br />I had a conversation with Russell Senior, President of the Personal Telco Project. We discussed the origins of the groups, the impact it had on Portland Internet culture and what they did to address the immediate needs of the community. We also looked at solutions to the broader issue of the digital divide in Portland.</p>
1345
1346 <p><b>Lewis: Can you tell me how the group got started? What was the pressing need at the time?</b></p>
1347 <p><span><strong>Russell Senior</strong>: It started as a result of three things: The dot com bubble had burst and tech workers who had been accustomed to what was at the time high-speed Internet in their offices, were suddenly at home, where they didn’t have fast Internet connections.<br /><br />The second factor was that Wi-Fi gear had started to become more accessible. You could go to a store and buy a router or a </span><a href="https://searchwindowsserver.techtarget.com/definition/PCMCIA-card"><span>PCMCIA</span></a><span> card and plug it into your laptop.<br /><br />Finally, the founder of the group, Adam Shand, saw an article on Slashdot about a group in London called ‘Consume.net’ where people were using Wi-Fi technology to create a community wireless network, and he was inspired to do something similar in Portland. That was in the year 2000, and that was the beginning of the Personal Telco Project.</span><span>These people were realizing that the telecommunication infrastructure and the constraints that bigger operators were imposing, were not satisfying their needs, so they decided try to build an alternative infrastructure.</span></p>
1348 <p><span>In 2003 we became a 501c3 nonprofit and the network was growing pretty rapidly. In 2005 we received a grant of about $15,000 to build an outdoor network in a low-income neighborhood along Mississippi Ave and asked for people to help. </span><span>By chance, that’s when I started coming to meetings. I had been aware of the project for some time, but having young children left me short on time. Once my kids were a little older, I decided to get involved. At the first meeting, they announced they had just been awarded the grant from Meyer Memorial Trust, and issued a Call for Participation. I showed up at the kickoff meeting with a GPS device and was immediately appointed leader of the recon team which was used to go around the neighborhood and scout locations. <br /></span></p>
1349 <p><span>In the early days, our monthly meetings had several dozen attendees. Installs would draw a dozen volunteers. Over time, there was an attrition on membership as the network infrastructure had been built which was more labor intensive. PTP is currently an active group of about six people. Node hosts are a more passive kind of volunteer, and there are perhaps 50-60 of them</span></p>
1350 <p><span><strong>LWG: </strong></span><span></span><b>What were the technological challenges for PTP?<br /><br /></b><span></span><span><strong>RS</strong>: The primary barrier was the quality of open source drivers for wifi radios. In those days, Linksys WRT54G’s were commonly used, as you could put alternate firmware on them, but the big issue was that they had radios made by Broadcom, which had drivers that were not open source. As a result, you were pinned to a LINUX kernel, which allowed limited changes. The best option at the time was a series of radios made by Atheros that were open-source-ish. For the Mississippi Grant Project, the key feature we needed was WDS (Wireless Distribution Systems)</span><b>.</b></p>
1351 <p><span>We were deploying single board computers in a little enclosure on the roofs of buildings and using 5GHz to do backhaul between the buildings and then a 2.4GHz a radio in the same box that would provide local coverage for devices to connect to.</span></p>
1352 <p><b>LWG: Were there difficulties in finding hosts?</b></p>
1353 <p><span><strong>RS</strong>: It is difficult. Ideally, you would have some sort of friendly outreach person to go around and promote the network and tell people how great it is. We did have a person like that in the early days, Nigel Ballard, who would go around to local coffee shops, and in the course of getting coffee, would promote the idea of a wifi network to the businesses. This was in the early days of wifi generally, so it was new to many people, and they were only beginning to understand what it was and how it could benefit them and their communities.</span></p>
1354 <p><span>At peak, we had around 140 networks, around 30 of which were networks that we didn’t establish directly, but we let them use our SSID.</span></p>
1355 <p><strong>LWG: </strong><span></span><b>How did ISPs respond to this? Was there ever any issue with them?<br /><br /></b><span><strong>RS</strong>: In the early 2000s in Oregon we had a vibrant DSL based ecosystem, which was essentially an open access network. There were so many ‘Mom and Pop’ dial-up ISPs in Oregon. There were instantly dozens of options to choose from once you signed up with a phone company to get DSL. The telecoms also created their own, but many people already had existing relationships, so they stuck with them once DSL came in.<br /><br />There were so many locally-owned ISPs that liked what we were doing and felt that we were good for business. Whereas the bigger provider was hostile, as the idea of users sharing a network was seen as a threat to their revenue. When we would help create a network, we would provide the host with a list of ISPs that we knew wouldn’t give them problems, and recommend that the person go with one of them. No one, to my knowledge, was ever hassled by an ISP.</span></p>
1356 <p><span><strong>LWG:</strong> </span><b>Did the group overestimate the scalability of wireless networks?<br /><br /></b><span><strong>RS</strong>: I think our enthusiasm for the wireless stuff and building a mesh network was born out of an ignorance of what wasn’t possible. We thought we could build an alternative infrastructure. We didn’t have the density of individuals to make a widespread network.</span></p>
1357 <p><span>In the very early days, we didn’t understand the limitations of the thing. We had a particular problem with the physical geography of Portland, in that most of the footprint is flat, with short houses and tall trees, which made line-of-sight difficult over anything but short distances.</span></p>
1358 <p><span><strong>LWG:</strong> </span><b>As Wi-Fi is much more commonplace now, has the opportunity for PTP to create networks decreased over time?<br /><br /></b><span><strong>RS</strong>: I think the perceived need to have us help people build their network has decreased. We still offer something most small businesses and individuals can’t do for themselves, which is a set of management tools on a gateway router that allows us to deal with abuse, if it occurs. These tools generally aren’t available on consumer off-the-shelf access points. </span></p>
1359 <p><span>We also offer a community vibe, that lets small businesses say, “hey, we are a member of the community and we work with these community organizations to benefit the community.” We like to think we helped normalize the idea that a coffee shop should provide free Wi-Fi. It was easy to try and commodify Wi-Fi access for small businesses, but we went in with the attitude of ‘we will help you create this network, we will do it for free, but you can’t charge people to use it.’ ‘It should be free for your customers and you will generate goodwill between the customers, and this will lead to an increase in business.’ Nowadays, it is really uncommon to have to pay for Wi-Fi access at businesses.</span></p>
1360 <p><span>In the earlier days, when we had local media focusing on what we were doing, the Portland International Airport adopted free Wi-Fi throughout the terminals. Another trend we have seen is that the tech nerd demographic lost the enthusiasm for free Wi-Fi when the cell phone data plans became more prevalent.</span></p>
1361 <p><b><strong>LWG:</strong> Going forward, how do you feel that the digital divide can be addressed for other communities?</b></p>
1362 <p><span><strong>RS</strong>: I had always seen Wi-Fi as a more localized technology rather than something that was going to provide people with a sustainable, scalable infrastructure.</span></p>
1363 <p><span>Telecommunication has tremendous value. The problem is that the owners of the infrastructure that facilitates telecommunication, particularly last-mile access providers, have so much market power that they can capture a disproportionate share of that value through the prices they charge. </span></p>
1364 <p><span>The cost of building the infrastructure has presented a barrier to entry that make it an unattractive investment for second providers, which means that competition is very weak, increasing the market power of the dominant provider. FCC "light touch" regulation has left heavy-handed power in the hands of the access provider. I have concluded that the most practical way out of this situation is for users to directly invest in the access infrastructure so that they can set rules that serve their interests. In the end, it is much cheaper to own than it is to rent.<br /></span></p>
1365 <p><span>The underlying philosophy is that ISPs have too much power and we want to circumvent that. So, in order for societies to be able to subsidize the people that need to be subsidized, the price needs to be lowered to a point where it is much closer to the actual cost of providing the service. I think the only way to get to that point, is to own the infrastructure.</span></p>
1366 <p><span>So, some model with public ownership, or non-profit, is the only way we are going to get to that price point and not just throwing public resources at a giant company with a huge mouth that gets bigger as its appetite improves. You can’t go to Comcast and say ‘please help us out, we have this sob story of these people that cant internet service.’ They will just keep jacking the price for as much money as they can pry out of the public.</span></p>
1367 <p><span><strong>LWG:</strong> </span><b>What are the benefits of making broadband a public utility?<br /><br /></b><span><strong>RS</strong>: We have seen this approach be effective with other public utilities. The Bonneville Power Administration in the Pacific North-West is a good example of this. The Federal Govt constructed hydroelectric infrastructure on the Columbia River and the electricity is sold wholesale with the prices to market regulated. We have lots of examples of municipal utilities like water and sewer service, and there are parallels to the transportation systems, which are nearly all public infrastructure.<br /><br />The problem comes back to funding. You can have a bunch of people that form a non-profit, but unless you have bonding authority and can borrow hundreds of millions of dollars, you are not going to get it off the ground. Therefore, the best solution is the most local government you can get to raise the money to build the network. That’s why I think city is the right scale: Large enough to secure funding but local enough to be responsive to the needs of the residents.</span></p>
1368 <p><span><strong>LWG:</strong> </span><b>5G is touted as the solution to the digital divide by the telecom companies. How do you respond to that?</b></p>
1369 <p><span><strong>RS</strong>: Cell phone data is the bottled water of the Internet; it is convenient on the go, but it is expensive and always comes with a cap. </span><span> </span></p>
1370 <p><span>When LTE first appeared, everyone was excited by how fast it was, but the reality is, you can run through your limit in 15 minutes. Sure it is fast, but it is capped, so volume becomes the problem when you are providing that same service to 100 million-plus people. By depending on 5G, you will be at the mercy of your cell phone carrier. 5G infrastructure will depend on fiber cables anyway, so why not just take the fiber to the house?</span></p>
1371 <p><span>If anyone thinks that 5G can solve these issues, I would ask them: do you like your cell carrier now? Do you feel like you are treated fairly? Because they will be the same companies controlling the 5G market.</span></p>
1372 <p><b><strong>LWG:</strong> Can you tell me about your new initiative?</b></p>
1373 <p><span><strong>RS</strong>: We started a 501c4 advocacy group called “The Municipal Broadband Coalition of America.” Our local campaign is called Municipal Broadband PDX. There had been an exploration of a municipal network in 2007 in Portland, but the issue was fear of risk and a lack of political leadership, possibly combined with philosophical hostility to the public intervening where a private enterprise was operating.<br /></span></p>
1374 <p><span>This time around, Multnomah County has been receptive, so far, and we have gained good traction, getting local authorities to invest in a feasibility study. The county has seen the need to address the digital divide as gentrification has driven many people, particularly Black people, out of Portland and into areas that are under-served. The idea of subsidizing these communities to improve their connectivity is being discussed. </span></p>
1375 <p><span><strong>LWG: </strong></span><b>How has the COVID-19 pandemic affected this issue?</b></p>
1376 <p><span><strong>RS</strong>:The school board is subsiding families that cannot afford the Comcast Essentials package, so that their children can stay connected to school. This means that the government is pouring money into the large ISPs for a service that is essential. The fact that the internet is essential to everyday life is becoming more obvious every day.</span><span> </span></p>
1377 <p><span></span></p>
1378 <p><em><span>Our thanks to</span> <span>Russell for his time. Personal Telco Project is still working to expand the mesh network in Portland and reduce access disparity. Through his work with </span><a href="https://www.mbcoa.org/"><span>The Municipal Broadband Coalition of America</span></a><span>, Russell looks to build upon the work of PTP, by facilitating a better connected society. </span></em></p>
1379 <p><em><span>To find an Electronic Frontier Alliance affiliated group near you, visit</span><a href="https://www.eff.org/deeplinks/2020/05/eff.org/fight"> <span>eff.org/fight</span></a><span>. If you are already part of a grassroots or community group in your area please consider </span><a href="https://supporters.eff.org/join-efa"><span>joining the Alliance</span></a><span>.</span></em></p>
1380
1381
1382 </div></div></div></description>
1383 <pubDate>Fri, 14 Aug 2020 20:15:27 +0000</pubDate>
1384 <guid isPermaLink="false">103571 at https://www.eff.org</guid>
1385 <category domain="https://www.eff.org/fight">Electronic Frontier Alliance</category>
1386 <dc:creator>Lewis Gittens</dc:creator>
1387 <enclosure url="https://www.eff.org/files/banner_library/efa-2.png" alt="" type="image/png" length="19745" />
1388 </item>
1389 <item>
1390 <title>Victory! Court Orders CA Prisons to Release Race of Parole Candidates</title>
1391 <link>https://www.eff.org/deeplinks/2020/08/victory-court-orders-ca-prisons-release-race-parole-candidates</link>
1392 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In a win for transparency, a state court judge <a href="https://www.eff.org/document/order-voss-v-cdcr">ordered</a> the California Department of Corrections and Rehabilitation (CDCR) to disclose records regarding the race and ethnicity of parole candidates. This is also a win for innovation, because the plaintiffs will use this data to build new technology in service of criminal justice reform and racial justice.</p>
1393 <p>In <a href="https://www.eff.org/cases/voss-v-cdcr"><em>Voss v. CDCR</em></a>, EFF represented a team of researchers (known as Project Recon) from Stanford University and the University of Oregon who are attempting to study California parole suitability determinations using machine-learning models. This involves using automation to review over 50,000 parole hearing transcripts and identify various factors that influence parole determinations. Project Recon’s ultimate goal is to develop an AI tool that can identify parole denials that may have been influenced by improper factors as potential candidates for reconsideration. Project Recon’s work must account for many variables, including the race and ethnicity of individuals who appeared before the parole board.</p>
1394 <p>Project Recon is a promising example of how AI might be used to identify and correct racial bias in our criminal justice system.</p>
1395 <p>In September 2018, Project Recon requested from CDCR race and ethnicity information of parole candidates. CDCR denied the request, claiming that the information was not subject to the California Public Records Act (CPRA). Instead, CDCR shuttled the researchers through its discretionary research review process, where they remained in limbo for nearly a year. Ultimately, the head of the parole board declined to support the team’s request because one of its members had previously <a href="http://harvardcrcl.org/wp-content/uploads/sites/10/2019/07/54.2-K-Bell.pdf">published research</a> critical of California’s parole process.</p>
1396 <p>In June 2020, EFF filed a <a href="https://www.eff.org/document/petition-voss-v-cdcr">lawsuit</a> on behalf of Project Recon alleging that CDCR violated the CPRA and the First Amendment. Soon after, our case was consolidated with a similar case, <em>Brodheim v. CDCR</em>. We <a href="https://www.eff.org/document/eff-brief-iso-writ-mandate-voss-v-cdcr">moved for a writ of mandate</a> ordering CDCR to disclose the race data.</p>
1397 <p>In its <a href="https://www.eff.org/document/government-brief-opposing-writ-mandate-voss-v-cdcr">opposition</a>, CDCR claimed it was protecting the privacy of incarcerated people, and that race data constituted “criminal offender record information” and was therefore exempt from disclosure. EFF <a href="https://www.eff.org/document/eff-reply-brief-iso-writ-mandate-voss-v-cdcr">pointed out</a> that the public interest in disclosure is high—especially since racial disparities in the criminal justice system are a national topic of conversation—and thus was not outweighed by the public interest in nondisclosure. EFF also argued that race data could not constitute “criminal offender record information” since race has nothing to do with someone’s criminal record, but rather is demographic information.</p>
1398 <p>The court <a href="https://www.eff.org/document/order-brodheim-v-cdcr-voss-v-cdcr-companion-case">agreed</a>. It reasoned that the public has a strong public interest in disclosure of race and ethnicity data of parole candidates:</p>
1399 <blockquote><p>[T]his case unquestionably involves a weighty public interest in disclosure, i.e., to shed light on whether the parole process is infected by racial or ethnic bias. The importance of that public interest is vividly highlighted by the current national focus on the role of race in the criminal justice system and in American society generally . . . . Disclosure insures that government activity is open to the sharp eye of public scrutiny. </p>
1400 </blockquote>
1401 <p>Accordingly, the court ordered CDCR to produce the requested records. Last week, CDCR declined to appeal the court’s decision and produced the records.</p>
1402 <p>Apart from being a win for transparency and open government, this case also is important for racial justice. As we identified in our briefing, CDCR has a history of racial bias, which the <a href="https://caselaw.findlaw.com/us-supreme-court/543/499.html">U.S. Supreme Court</a> and <a href="https://casetext.com/case/in-re-morales-50">California appellate courts</a> alike have recognized. That makes it all the more important for information about potential racial disparities in parole determinations to be open for the public to analyze and debate.</p>
1403 <p>Moreover, this case is a win for beneficial AI innovation. In a world where <a href="https://www.eff.org/issues/ai">AI</a> is often proposed for <a href="https://www.eff.org/deeplinks/2018/12/eff-urges-california-place-meaningful-restrictions-use-pretrial-risk-assessment">harmful</a> and <a href="https://www.eff.org/deeplinks/2019/09/dangerous-hud-proposal-would-effectively-insulate-parties-who-use-algorithms">biased</a> uses, Project Recon is an example of AI for good. Rather than substitute for human decision-making, the AI that Project Recon is attempting to build would shed a light on human decision-making by reviewing past decisions and identifying where bias may have played a role. This innovative use of technology to identify systemic biases, including racial disparities, is the type of AI use we should support and encourage.</p>
1404
1405 </div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/cases/voss-v-cdcr">Voss v. CDCR</a></div></div></div></description>
1406 <pubDate>Tue, 11 Aug 2020 23:24:22 +0000</pubDate>
1407 <guid isPermaLink="false">103559 at https://www.eff.org</guid>
1408 <category domain="https://www.eff.org/taxonomy/term/72">Legal Analysis</category>
1409 <category domain="https://www.eff.org/issues/ai">Artificial Intelligence & Machine Learning</category>
1410 <category domain="https://www.eff.org/issues/transparency">Transparency</category>
1411 <dc:creator>Saira Hussain</dc:creator>
1412 <dc:creator>Cara Gagliano</dc:creator>
1413 <dc:creator>Adam Schwartz</dc:creator>
1414 <enclosure url="https://www.eff.org/files/banner_library/artificial-intelligence-resized_0.png" alt="Artificial Intelligence" type="image/png" length="168355" />
1415 </item>
1416 <item>
1417 <title>On the Road to Victory for Human Rights in Mexico!</title>
1418 <link>https://www.eff.org/deeplinks/2020/08/road-victory-human-rights-mexico</link>
1419 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Mexico’s National Commission for Human Rights <a href="//r3d.mx/2020/08/10/cndh-considera-inconstitucionales-reformas-a-la-ley-federal-de-derecho-de-autor-y-al-codigo-penal-federa”">has taken a crucial step</a> towards averting a human rights catastrophe, <a href="https://www.cndh.org.mx/sites/default/files/documentos/2020-08/COM_2020_245.pdf">asking Mexico’s Supreme Court to assess the constitutionality of the Mexican copyright law</a>: The Commission stated that the law contains “possible violations of the rights to freedom of expression, property, freedom of commerce or work and cultural rights, among others.”</p>
1420 <p>Last month, <a href="https://www.eff.org/deeplinks/2020/07/legal-deep-dive-mexicos-disastrous-new-copyright-law">Mexico enacted a terrible new copyright law</a>, one that duplicated the worst aspects of the US copyright system without even including its (largely inadequate) protections. The new Mexican law–passed as part of Donald Trump's US-Mexico-Canada Agreement (USMCA)–is dangerous to the human rights of Mexican people and puts Mexican businesses at a permanent, structural disadvantage relative to companies in the USA and Canada.</p>
1421 <p>As we explained in detail, the law has wide-ranging impacts on Mexicans' human rights: from <a href="https://www.eff.org/deeplinks/2020/07/how-mexicos-new-copyright-law-crushes-free-expression">free expression</a> to <a href="https://www.eff.org/deeplinks/2020/07/mexicos-new-copyright-law-cybersecurity-and-human-rights">cybersecurity</a>; from <a href="https://www.eff.org/deeplinks/2020/07/disability-education-repair-and-health-how-mexicos-copyright-law-hurts-self">disability, education, health and repair</a> to <a href="https://www.eff.org/deeplinks/2020/07/mexicos-new-copyright-law-undermines-mexicos-national-sovereignty-continuing">national sovereignty</a> (you can <a href="https://www.eff.org/mexican-copyright-jul-2020.pdf">download all our analysis here</a>).</p>
1422 <p>EFF was proud to stand with the many Mexican civil society organizations, including <a href="https://r3d.mx/">R3D</a> and <a href="https://www.derechosdigitales.org/">Derechos Digitales</a>, and with the thousands of Mexican people who demanded that the National Commission for Human Rights bring the law before the Supreme Court of Justice on the basis of its blatant unconstitutionality. After all, <a href="https://www.eff.org/deeplinks/2020/07/how-mexicos-new-copyright-law-crushes-free-expression#mexican-free-expression">Mexico's free speech protections</a> are among the strongest in the world, and these protections were roundly ignored during the drafting of the new law.</p>
1423 <p>We are greatly cheered to learn that the Commission has petitioned the Supreme Court of Justice to overturn this law!</p>
1424 <p>However, this process of court review can take <em>years</em>, and every day that this law is in force, it creates real damage for the Mexican people and Mexican industry: pressuring companies to apply <a href="https://www.eff.org/deeplinks/2020/07/how-mexicos-new-copyright-law-crushes-free-expression#filters">automated speech filters</a>, exposing Internet users to <a href="https://www.eff.org/deeplinks/2020/07/natd">the danger of being "doxxed" for speaking out</a>, interfering with the <a href="https://www.eff.org/deeplinks/2020/07/disability-education-repair-and-health-how-mexicos-copyright-law-hurts-self#r2r">repair of medical and agricultural equipment</a> and preventing people with disabilities <a href="https://www.eff.org/deeplinks/2020/07/disability-education-repair-and-health-how-mexicos-copyright-law-hurts-self#adaptation">from adapting the technology they rely on</a>.</p>
1425 <p>Because of these real, ongoing harms, we call upon the Supreme Court of Justice to suspend this law pending its judgment. The Mexican people can't afford to wait years for their digital human rights to be recognized.</p>
1426 <p>(<em>Our thanks to Luis Fernando García Muñoz from R3D for his translation of the quotation from the Commission’s press release, above</em>)</p>
1427
1428 </div></div></div></description>
1429 <pubDate>Tue, 11 Aug 2020 17:52:05 +0000</pubDate>
1430 <guid isPermaLink="false">103545 at https://www.eff.org</guid>
1431 <category domain="https://www.eff.org/taxonomy/term/70">Commentary</category>
1432 <category domain="https://www.eff.org/issues/international">International</category>
1433 <category domain="https://www.eff.org/issues/trade-agreements">Trade Agreements and Digital Rights</category>
1434 <dc:creator>Cory Doctorow</dc:creator>
1435 <enclosure url="https://www.eff.org/files/banner_library/mexico-copyright-1.jpg" alt="" type="image/jpeg" length="46992" />
1436 </item>
1437 <item>
1438 <title>Guitar Villain? Ubisoft Patents Basic Teaching Techniques</title>
1439 <link>https://www.eff.org/deeplinks/2020/08/guitar-villain-ubisoft-patents-basic-teaching-techniques</link>
1440 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><span>In 2012, Ubisoft launched an educational </span><a href="https://www.eff.org/issues/video-games"><span>video game</span></a><span> called Rocksmith. The idea was simple: why get good at playing a toy guitar, as in games like “Guitar Hero,” when you can use—and learn to play—the real thing? Their game helps beginner musicians identify the skills they need to work on, and then helps them improve those skills by providing gradually more complex songs and exercises.</span></p>
1441 <p><span>These steps will sound familiar to anyone who has tried to learn an instrument. A teacher offers exercises, evaluates your performance, and adjusts the difficulty of the lesson to match your ability—keeping you from being bored or overwhelmed. This cycle of feedback is an example of a well-established teaching technique that many educational programs use to help users hone other skills, from language fluency to typing proficiency. Educational games, like Mario Teaches Typing (1992), have been using many of these techniques for </span><a href="https://edtechmagazine.com/k12/article/2020/04/microsoft-dos-and-long-history-educational-games"><span>several decades</span></a><span>. Is adding a guitar to the picture really that innovative?</span></p>
1442 <p><span>According to Ubisoft, one of the world’s largest game developers, this idea is so innovative that it’s worthy of a patent. The company managed to claim this idea in US Patent No. </span><a href="https://patents.google.com/patent/US9839852/en%5D"><span>9,839,852</span></a><span>,</span><span> titled "Interactive Guitar Game,” even though the date of Ubisoft’s supposed “invention” was November 21, 2008—three years after Guitar Hero was </span><a href="https://en.wikipedia.org/wiki/Guitar_Hero_(video_game)"><span>released</span></a><span>.</span></p>
1443 <p><span>Ubisoft’s patent says the claimed invention offers benefits beyond other learning materials like CDs, books, or even private instructors. But these benefits require seriously understating the efficacy of those well-established teaching materials. For example, the patent slams music books as “necessarily static” materials that “provide a limited instructional capability,” and private instructors as so “limited in both time and depth” that learning from them “may limit the student’s creativity and spontaneity.” Even if these statements were true, they are irrelevant: benefits like flexibility and limitless capacity are benefits that come from advances to computer and networking technology—not anything Ubisoft developed for its particular game.</span></p>
1444 <p><span>The claims of Ubisoft’s patent don’t include anything that could be inventive. The first claim is for a computer program that performs basic steps: it presents fingering notations on a display device, receives signals back from a guitar input device that a user plays, assesses the user’s performance of the song, changes the difficulty level, and generates <span>“</span>at least one mini-game.<span>”</span> That’s it. </span></p>
1445 <p><span>This program sounds like most educational video games—it evaluates a player's performance and generates engaging ways to improve. While using your </span><i><span>actual</span></i><span> guitar to play some kicking ska bops sounds </span><i><span>totally rad</span></i><span>, Ubisoft’s patent doesn’t say anything about how to do that. It just combines old teaching techniques with old video game technology. Is this really something that can be patented? </span></p>
1446 <p><span>That question was raised in 2018 when Ubisoft sued a Finnish startup called Yousician Oy, which develops a phone app for learning to play musical instruments</span><i><span>.</span></i><span> Ubisoft, an industry giant with over $1 billion in revenue, claimed that Yousician's learning software infringed their "interactive guitar game" patent. If Yousician lost the suit, the company would have been required to pay damages to Ubisoft, and could have been required to cease offering interactive guitar lessons altogether. Yousician countered that the case should be dismissed because the patent’s subject matter was not eligible for protection under Section 101 of the U.S. Patent Act.</span></p>
1447 <p><span>Section 101 may be familiar to readers of our </span><a href="https://www.eff.org/issues/stupid-patent-month"><span>Stupid Patent of the Month</span></a><span> posts. This part of the Patent Act helps ensure the patent system promotes innovation by limiting what can be patented. Section 101 prohibits patents on laws of nature, things that exist in nature, and abstract ideas. These are basic building blocks of science that no one could have invented, and all of us need to fuel further innovation.</span></p>
1448 <p><span>These limitations are powerful weapons against software patent trolls. Software patents often claim an old idea in very broad terms, and add something non-abstract in technical jargon that effectively means “on a general-purpose computer.” Many of these patents should never have been granted, but trolls earn money from them anyway. In part, that’s because so many companies—especially smaller ones without deep pockets— settle out of court rather than risk losing more money in legal fees by challenging a patent. In </span><a href="https://www.eff.org/deeplinks/2018/06/happy-birthday-alice-four-years-busting-software-patents"><span>2014’s Alice v. CLS Bank decision</span></a><span>, the Supreme Court made clear that courts can reject patents under Section 101 early in a case before the expensive discovery stage of litigation begins. That has made it possible for many small businesses to fight back, including many who have shared their experiences in our </span><a href="https://www.eff.org/alice"><span>Saved by Alice</span></a><span> project.</span></p>
1449 <p><span>The Ubisoft case shows how Section 101 can also protect smaller companies and consumers from bogus monopolies the patent system would otherwise create.</span></p>
1450 <p><span>On August 9th of last year, the U.S. District Court for Eastern District of North Carolina agreed with Yousician, holding that the Ubisoft patent doesn’t claim patent-eligible subject matter. Ubisoft appealed this decision, arguing the court had oversimplified the patent, but the U.S. Court of Appeals for the Federal Circuit upheld the decision this June, and the district court closed the case on July 20th.</span></p>
1451 <p><span>The Federal Circuit rejected Ubisoft’s attempt to patent old teaching techniques by putting them into a video game. "Here, the claims recite nothing more than a process of gathering, analyzing, and displaying certain results," <a href="http://www.cafc.uscourts.gov/sites/default/files/opinions-orders/19-2399.OPINION.6-11-2020_1602236.pdf">wrote the three-judge panel</a>. "The mini-game generation step is ... no different from the ordinary mental processes of a guitar instructor teaching a student how to play the guitar." </span></p>
1452 <p><span>Cases like this are important in ensuring the U.S. patent system actually does what is meant to do—promote the advancement of knowledge and ensure its accessibility to the public. In the past year, we’ve </span><a href="https://www.eff.org/deeplinks/2019/06/it-should-be-clear-now-messing-patent-laws-section-101-bad-idea"><span>fought back against patent trolls, powerful interest groups, and big pharma companies</span></a><span>, all of whom are </span><a href="https://www.eff.org/deeplinks/2019/05/terrible-patent-bill-way"><span>seeking to weaken Section 101</span></a><span> so they can monopolize and profit from knowledge that is, and should remain, available to us all. The patent system is supposed to benefit the public as a whole, not be a bludgeon for powerful entities trying to amass and maintain monopolies. When the patent system puts the preferences of patent owners above the public’s interest, we lose options as consumers as well as the freedom to create, tinker, and play. That's why EFF will keep fighting for a robust, strong Section 101. Let's</span><span> ensure that companies can't monopolize old ideas by just waving their hands at basic computer technology the public has used for decades.</span></p>
1453
1454 </div></div></div></description>
1455 <pubDate>Mon, 10 Aug 2020 22:27:36 +0000</pubDate>
1456 <guid isPermaLink="false">103552 at https://www.eff.org</guid>
1457 <category domain="https://www.eff.org/issues/stupid-patent-month">Stupid Patent of the Month</category>
1458 <category domain="https://www.eff.org/issues/patents">Patents</category>
1459 <category domain="https://www.eff.org/issues/video-games">Video Games</category>
1460 <dc:creator>Rory Mir</dc:creator>
1461 <enclosure url="https://www.eff.org/files/banner_library/OG-stupid-patent.png" alt="" type="image/png" length="139953" />
1462 </item>
1463 <item>
1464 <title>Final Weekend for EFF's 30th Anniversary Challenge Coin</title>
1465 <link>https://www.eff.org/deeplinks/2020/08/final-weekend-get-eff-30th-anniversary-challenge-coin</link>
1466 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>To celebrate the <a href="https://www.eff.org/tags/eff30">Electronic Frontier Foundation's 30th anniversary</a>, both new and upgrading recurring supporters can claim a first-of-its-kind EFF challenge coin as a token of thanks. These coins will be individually numbered for each supporter and are only available until Sunday night, August 9, 2020 at 11:59 pm PT. Challenge coins follow a long tradition of offering a symbol of kinship and respect for great achievements—and we owe our strength to folks like you.</p>
1467 <p>To be eligible for an EFF anniversary challenge coin, <a href="https://supporters.eff.org/donate/30for30r--CD">start a new recurring donation</a> beginning at the monthly Copper Level ($5) or annual Silicon Level ($20), and you'll automatically get this special-edition EFF challenge coin at the shipping address you provide during your donation.</p>
1468 <p class="take-action"><a href="https://supporters.eff.org/donate/30for30r--CD">Keep EFF Going Strong</a></p>
1469 <p class="take-explainer">Start a Monthly or Annual Recurring Contribution</p>
1470 <h4>For Current Recurring Donors</h4>
1471 <p>Any existing monthly or annual recurring donor who increases their donation (by $5 or more for monthly, or $25 or more for annual) is also eligible for a challenge coin; simply <a href="https://supporters.eff.org/recurring">make the change</a> and then email us at <a href="mailto:membership@eff.org?subject=Recurring%20donors'%20challenge%20coin&amp;body=Date%20of%20Donation%20Change%3A%20%0AShipping%20Address%3A%20">membership@eff.org</a>.</p>
1472 <p>If you have a recurring donation via PayPal, you aren't able to edit amounts, so simply cancel your current donation setup in PayPal and <a href="https://supporters.eff.org/donate/30for30r">start a new one at the upgraded amount</a>. Contact us at <a href="mailto:membership@eff.org">membership@eff.org</a> for any assistance with that process.</p>
1473 <p></p><center><div class="caption caption-center"><div class="caption-width-container"><div class="caption-inner"><a href="https://supporters.eff.org/donate/30for30r--CD"><img src="https://www.eff.org/files/2020/07/27/lths-t_fb_1200.png" alt="Blue t-shirt with EFF30 on the front and lighthouse and sea monster on the back" /></a><p class="caption-text">Also get EFF 30th Anniversary Apparel as your membership gift</p></div></div></div></center>
1474 <p>EFF's work is sustained by thousands of people from every imaginable background giving modest donations when they can. Continued support each year (or each month!) ensures that we can continue fighting harder for a brighter digital future each day. <a href="https://supporters.eff.org/donate/30for30r--CD">With your help</a>, EFF is here to stay.</p>
1475
1476 </div></div></div></description>
1477 <pubDate>Sat, 08 Aug 2020 19:34:26 +0000</pubDate>
1478 <guid isPermaLink="false">103541 at https://www.eff.org</guid>
1479 <category domain="https://www.eff.org/taxonomy/term/68">Announcement</category>
1480 <dc:creator>Aaron Jue</dc:creator>
1481 <enclosure url="https://www.eff.org/files/banner_library/challenge-3f_1000.jpg" alt="EFF 30th Anniversary Challenge Coin" type="image/jpeg" length="132753" />
1482 </item>
1483 <item>
1484 <title>EFF Joins SPLC Letter to Georgia High School Expressing Concern Over Restriction to Students’ Free Speech</title>
1485 <link>https://www.eff.org/deeplinks/2020/08/eff-joins-splc-letter-georgia-high-school-expressing-concern-over-restriction</link>
1486 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The First Amendment includes the right to use technology to create and preserve images, and otherwise collect information, of newsworthy events. This issue has arisen in numerous contexts, including the right to record the police performing police-work, and we have filed several amicus briefs that have helped firmly establish that <a href="https://www.eff.org/deeplinks/2020/06/you-have-first-amendment-right-record-police">right</a> in the law.</p>
1487 <p>Consistent with this, we <a href="https://splc.org/2020/08/splc-sends-letter-of-concern-to-n-paulding-high-school-admin-and-school-board-over-free-speech-restrictions/">joined a letter</a> protesting the actions of officials at a high school in Georgia who <a href="https://www.nytimes.com/2020/08/06/us/north-paulding-high-school-coronavirus-georgia.html?referringSource=articleShare">suspended</a> a 15-year old student for <a href="https://twitter.com/ihateiceman/status/1290728743263252480">posting</a> a photograph of the school's crowded hallways to Twitter. The photograph, of the school's second day back in operation, illustrated what the student perceived to be the serious public health danger in the school's reopening. The student tweeted a photograph showing crowded hallways on the first day of school, which was widely circulated on social media. The student was initially suspended for five days, but the suspension was revoked after two days and purportedly removed from her record. According to news reports, at least one other student was also suspended and then reinstated. The school also <a href="https://www.buzzfeednews.com/article/mollyhensleyclancy/georgia-school-reopening-photo-paulding-county">reportedly</a> <a href="https://splc.org/2020/08/splc-sends-letter-of-concern-to-n-paulding-high-school-admin-and-school-board-over-free-speech-restrictions/">warned</a> students over the intercom system that “‘there will be consequences for anyone who sends things out' that shows the school in a negative light."</p>
1488 <p>As the letter acknowledges, students have robust First Amendment rights to both make and distribute photographs of their school:</p>
1489 <blockquote><p>In its landmark decision, the U.S. Supreme Court made clear that students in school have important First Amendment rights that protect their ability to talk about and share information with others, particularly about matters of public concern. “Students in school, as well as out of school,” the Court said, “are ‘persons’ under our Constitution. They are possessed of fundamental rights which the State must respect....” , 393 U.S. 503, 511 (1969).</p>
1490 <p>....</p>
1491 <p>While we understand that emotions around school reopening decisions are charged and that you have faced significant criticism for decisions outside of your control, students, teachers and staff nevertheless have the right to speak accurately and lawfully about their school day, even when that speech may be unflattering to the school. Instead of addressing these concerns, NPHS has sought to impose harsh penalties against those who speak out and chill the speech of others who may have similar concerns. Unconstitutionally prohibiting students from speaking about the conditions of the school does not change the conditions of the school or the concerns they have; it only fosters mistrust and fear.</p>
1492 </blockquote>
1493 <p> We acknowledge that in some situations, there may be countervailing privacy concerns that might justify restrictions on both creating and distributing images of students in school. This privacy concern is acknowledged in the school's student rules, though the particular rule, requiring the permission of an administrator before using any visual recording device is insufficiently tailored to that interest.</p>
1494 <p>In this situation, however, the student's right to create and publish the image prevails. The image itself is mostly of students' backs, with only a few faces visible. The privacy invasiveness appears minimal in light of the high newsworthiness.</p>
1495
1496 </div></div></div></description>
1497 <pubDate>Fri, 07 Aug 2020 21:58:16 +0000</pubDate>
1498 <guid isPermaLink="false">103538 at https://www.eff.org</guid>
1499 <category domain="https://www.eff.org/issues/free-speech">Free Speech</category>
1500 <category domain="https://www.eff.org/issues/covid-19">COVID-19 and Digital Rights</category>
1501 <dc:creator>David Greene</dc:creator>
1502 <enclosure url="https://www.eff.org/files/banner_library/icon-2019-freespeech.png" alt="A multi-colored bullhorn icon surrounded by grey-blue hexagons" type="image/png" length="14323" />
1503 </item>
1504 <item>
1505 <title>Victory! EFF Defends Public’s Right to Access Court Records About Patent Ownership</title>
1506 <link>https://www.eff.org/deeplinks/2020/08/victory-eff-defends-publics-right-access-court-records-about-patent-ownership</link>
1507 <description><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p> The public’s right of access to court proceedings is well-established as a legal principle, but it needs constant defending. In part, that’s because private parties keep asking publicly-funded courts to resolve their disputes in secret. As <a href="https://www.eff.org/deeplinks/2019/10/patents-are-about-sharing-information-public-dont-shroud-them-secrecy">we</a> and <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2334417">others</a> have written before, this problem is especially great in patent cases, where parties on opposite sides of a case often agree with each other to keep as much of the litigation as possible hidden from view. That deprives the public of material it has every right to see that could affect its rights to engage, like documents establishing (or undermining) a patent owner’s right to bring suit on the basis of a patent which they claim to own.</p>
1508 <p>Although this problem is pervasive, when we looked at a lawsuit filed by Uniloc—one of the most litigious patent trolls in the world—the amount of secrecy the parties agreed to was shocking. In <em><a href="https://www.eff.org/cases/uniloc-v-apple">Uniloc v. Apple</a>,</em> important, dispositive motion papers were filed with entire pages of text redacted, including information that could not possibly qualify as confidential, like case law citations. And what were those papers about? Whether Uniloc had the right to sue anyone, including Apple, for infringing the patents in the case. Because Uniloc is a prolific patent litigant—filing more than 170 patent infringement lawsuits in 2018 alone—questions about its right to sue have powerful ramifications on the public, including makers and users of a wide array of technology products.</p>
1509 <p>When EFF saw how egregious the sealing of these court records was, we reached out to the parties and told them the public’s right of access extended to much, if not all, of what had been filed under seal. When it became clear that Uniloc would not modify its sealing requests, we filed a motion to intervene and to unseal everything. The judge in this case agreed with us, <a href="https://www.eff.org/deeplinks/2019/01/federal-court-orders-patent-troll-cant-hide-its-machinations">ruling</a> that the redactions were wildly improper and ordered everything unsealed.</p>
1510 <p>Instead of appealing that decision, Uniloc tried to modify its sealing requests and asked the court for a second chance. No such luck: Judge William Alsup <a href="https://www.eff.org/deeplinks/2019/05/court-refuses-keep-patent-licensing-secrets">refused</a>, holding that Uniloc could and should have made a proper sealing request in the first instance, instead of trying to see how much secrecy it could get away with in court. He also granted EFF leave to intervene to defend the decision on appeal if Uniloc chose to challenge it; after all, the other party in the case, Apple, had taken no position on any of Uniloc’s sealing requests. When Uniloc did appeal, EFF <a href="https://www.eff.org/document/eff-second-corrected-response-brief">stepped in to defend</a> the decision on the public’s behalf.</p>
1511 <p>Last month, the Federal Circuit, <a href="http://www.cafc.uscourts.gov/sites/default/files/opinions-orders/19-1922.OPINION.7-9-2020_1616049.pdf">in a unanimous decision,</a> overwhelmingly upheld Judge Alsup’s decision. Importantly, it rejected Uniloc’s attempt to winnow the public’s right of access, confirming that “all filings were presumptively accessible, and it was Uniloc’s duty to provide compelling reasons for shielding particular materials from public view.” It also agreed that “Uniloc’s original sealing request was grossly excessive,” and a “particularly flagrant” violation of the court’s local rules regarding sealing requests. In all, Judge Alsup was well within his discretion to deny it in full, without giving Uniloc the privilege of trying again.</p>
1512 <p>The Federal Circuit recognized that district courts need and should exercise their discretion to deny improper sealing requests. The opinion pointedly notes that trial court judges are “heavily burdened with the task of resolving complex legal and factual disputes,” and “should not be forced to spend large swaths of their time struggling to rein in overzealous efforts to seal,” before approving of the message sent by the district court’s decision—“that litigants should submit narrow, well-supported sealing requests in the first instance, thereby obviating the need for judicial intervention.”</p>
1513 <p>However, one aspect of Judge Alsup’s decision was not affirmed: the decision to lump a document containing third-party information into the same category as information about Uniloc. For this document, which identifies companies that licensed certain of Uniloc’s patents and the amounts they paid, the Federal Circuit found the district court had not made enough findings for it to review the decision, and remanded the case to the district court to make “particularized determinations.” We will keep watching—and, if necessary, fighting—to make sure the public’s right of access gets the weight it deserves.</p>
1514 <p>The Federal Circuit’s decision is a victory for the public, which has waited far too long to see court records to which it has a strong presumption of rightful access. It is also a defeat for Uniloc, which tried, but failed, to avoid the default rule of public access throughout these proceedings. We hope this outcome sends a strong message to Uniloc and other patent litigants that their preference for secrecy cannot overcome the public’s right to know what happens in our courts. </p>
1515
1516 </div></div></div></description>
1517 <pubDate>Fri, 07 Aug 2020 18:43:13 +0000</pubDate>
1518 <guid isPermaLink="false">103534 at https://www.eff.org</guid>
1519 <category domain="https://www.eff.org/issues/patents">Patents</category>
1520 <dc:creator>Alex Moss</dc:creator>
1521 <enclosure url="https://www.eff.org/files/banner_library/patent-troll-warning.png" alt="Patent Troll warning sign: Do Not Feed the Troll" type="image/png" length="339880" />
1522 </item>
1523 </channel>
1524 </rss>