Feed aggregator

Mandatory Reporting of User Content Chills Speech and Violates Privacy Rights

EFF's Deeplinks -

EFF joined a broad coalition of 31 organizations in sending a letter to Senate leadership opposing an unconstitutionally vague law that would require Internet companies to report to the government when they obtain “actual knowledge” of any “facts and circumstances” related to “terrorist activity.” Section 603 of the Intelligence Authorization Act for Fiscal Year 2016 (S. 1705), which does not define “terrorist activity,” raises significant First and Fourth Amendment concerns, including the chilling of protected speech and the warrantless search and seizure of private electronic content. 

First Amendment Concerns

The most obvious flaws in Section 603 are its vagueness and overbreadth: it will chill wholly legal speech and conduct. The key reason is that there is no clear agreement in U.S. society about what counts as “terrorism” (and triggers mandatory reporting). The single, tiny island of clarity in the term “terrorist activity” is one non-exclusive reference to 18 U.S.C. § 842(p), which makes it unlawful for a person to distribute information relating to explosives if the person has knowledge that the recipient intends to use the information to commit a violent crime. Otherwise, Section 603 is a Rohrschach blot. 

Because Section 603 leaves both companies and users uncertain as to what exactly triggers the mandatory reporting requirement, this vague obligation to report will encourage service providers to broadly implement the law and will, in turn, encourage users to self-censor to avoid being reported to the federal government as possible “terrorists.” Without further clarification, the law will likely put innocent political activists, journalists, engaged citizens, professors and students participating in wholly lawful debate and research under a cloud of suspicion. For many, the risk of being put on a mysterious government watch list will more often than not outweigh the benefit of speaking.

With limited context for, say, a tweet or private direct message, service providers will err on the side of over-reporting and submit First Amendment-protected speech through content-flagging or automated monitoring systems. Section 603 includes a “protection of privacy” subsection, which clarifies that nothing in the provision “may be construed to require [a] service provider…to monitor any user…or the content of any communication.” Yet this “protection” does little to counteract the pressure on intermediaries to monitor their users’ behavior and content. While intermediaries often rely on content-flagging systems that enable users to report apparent unlawful or abusive activity of other users, this mechanism is prone to fraudulent notices. An automated monitoring system based on keywords would allow intermediaries to avoid having to themselves make decisions about their users’ content. But because it’s not obvious what constitutes “terrorist activity,” a user could be reported any time she uses a buzzword related to terrorist groups, the Middle East, U.S. foreign policy, or a particular political ideology. 

Fourth Amendment Concerns

Section 603 not only chills lawful speech, it also tries to evade constitutional barriers that protect against unreasonable searches and seizures of private communications by the government.

EFF has consistently argued that a warrant based on probable cause is required for compelled government access to content stored by “cloud” service providers. In United States v. Warshak, the Sixth Circuit held that the government cannot access email content without a warrant because users have a Fourth Amendment-protected reasonable expectation of privacy in the email content that they store with these intermediaries.

While Section 603 does not permit the government to demand the production of content, it does require Internet companies to report content—including private content—reflecting “terrorist activity.” There is no question that this kind of mandatory reporting statute is subject to Fourth Amendment scrutiny, not unlike the ordinance found unconstitutional in Los Angeles v. Patel.

The applicability of the Fourth Amendment is particularly important given the amount of private content the government will acquire under this provision. As noted above, this mandatory provision will encourage companies to over-report both public and private content to the government. This will enable the government to evade normal due process requirements—including meeting legal standards such as probable cause and submitting to judicial review—while collecting much private content protected by the Fourth Amendment.

Future Action

Section 603’s constitutional implications have not gone unnoticed in Congress. On July 27, the Senate was set to pass the bill by unanimous consent until Sen. Wyden objected to this expedited procedure. The Senate will now have to engage in the normal process of debate and amendment, or remove this provision from the bill to prompt Sen. Wyden to withdraw his objection and enable the bill to pass by unanimous consent. The government should not be permitted to evade constitutional limits by turning private companies into watchdogs with no leashes. We urge Senate leadership to withdraw Section 603 from the intelligence authorization bill.

Post co-authored by EFF Legal Intern Erica Fisher

Related Issues: Free SpeechPrivacyRelated Cases: Warshak v. United StatesCity of Los Angeles v. Patel
Share this:   ||  Join EFF

New TPP Leaked Text Reveals Countries' Weakening Resistance to Copyright Maximalist Proposals

EFF's Deeplinks -

When we wrote about the intermediary liability provisions in a reported May 2015 leak of the Intellectual Property chapter of the Trans-Pacific Partnership (TPP) last month, we hadn't actually seen the text. But thanks to the publication of that leak by Knowledge Ecology International yesterday and today, we now have a far better understanding of the current state of play—including some of the reasons why the most recent round of negotiations in Maui fell apart.

Pushback Against Extreme Proposals

For starters, countries are resisting U.S. negotiators' audacious proposal to distort trade secrets law into a weapon against hackers, journalists, and whistleblowers. There are two new proposals in this leaked text, one of which the U.S. itself supports, to allow countries to adopt a narrow safe harbor for whistleblowers in respect of information that exposes a violation of the law. But this is far from enough. The safe harbor isn't compulsory and it doesn't apply to leaks of information that are of vital public interest, but that don't expose illegality—such as the TPP text itself.

Another important area of dissent from the U.S. negotiators' hard line appears in the Enforcement section of the IP chapter [PDF], in which every single country is now lined up against the U.S. in favor of a remedy for victims of wrongful copyright abuse. The provision that they seek would provide:

Each Party shall ensure that its judicial authorities shall have the authority to order a party at whose request measures were taken and who has abused enforcement procedures to provide the party wrongfully enjoined or restrained adequate compensation for the injury suffered because of such abuse. The judicial authorities shall also have the authority to order the applicant to pay the defendant expenses, which may include appropriate attorney’s fees.

This is a modest provision, which doesn't even go as far as the existing law in some of the TPP countries, such as Australia. Since the proposal is also apparently consistent with section 512(f) of the U.S. Copyright Act, one has to ask why the U.S. administration wishes to prevent its trading partners from adopting a basic protection for victims of copyright trolls that already exists in U.S. law.

The text also reveals that Australia is also objecting to “country-specific outcomes” in the provisions on ISP liability. This is apparently an oblique reference to its desire for a footnote in the text allowing it to opt for the TPP's relatively more flexible ISP liability rules over the DMCA-clone rules that it was coerced into accepting in its 2005 Free Trade Agreement with the United States.

As in previous drafts, most countries remain opposed to a worrying U.S. proposal to limit the Internet retransmission of television broadcasts without the authorization of the rights holder of the broadcast content—and, tellingly, that of the rights holder of the broadcast signal itself. This presages the expected accession of the United States to a future WIPO Broadcasting Treaty. The treaty could grant broadcasting corporations new copyright-like rights over their signals, as a further weapon against Internet-based services that reuse broadcast content in innovative ways.

The Big Content Agenda Remains Intact

Despite a few such modest challenges to the USTR's copyright maximalist agenda, other restrictive U.S. proposals are little changed from previous drafts of the text, and there is no evidence that the other countries are resolved to opposing them. Just to highlight a few of these:

  • The prospect of the TPP requiring massively disproportionate damages awards for copyright infringement remains fully alive. The text continues to authorize a court to consider “any legitimate measures of value the rights holder submits, which may include lost profits, the value of the infringed goods or services measured by the market price, or the suggested retail price.”
  • This is in addition to offering pre-established damages at the election of the rights holder, which are to be set at a level not only to compensate the rights holder but also to deter future infringements. Countries that do not offer pre-established damages must instead allow their courts to order “additional damages,” such as exemplary or punitive damages, that go beyond compensating the rights holder for its actual loss.
  • The text allows authorities to seize not only “suspected infringing goods” but also “materials and implements relevant to the infringement,” such as a server used to host infringing materials. In criminal cases, authorities are also explicitly authorized to destroy those goods, and the U.S. is opposing that this be limited to goods that have been “predominantly” used in the creation of infringing copies—thus a server could be seized and destroyed even if it hosted many non-infringing websites.
  • The text continues to define “commercial scale” infringement, being the threshold over which criminal sanctions apply, to include “significant acts, not carried out for commercial advantage or financial gain, that have a substantial prejudicial impact on the interests of the copyright or related rights holder in relation to the marketplace.” Such provisions could be targeted at fans offering non-profit services such as native language subtitling for films, to give just one example.
User-Allied Countries Are Buckling

In a few instances we can actually see opposition to the copyright maximalist agenda weakening. The most concerning example of this is in the case of the provisions against circumvention of DRM. In the earlier draft, two countries objected to the requirement that there should be criminal penalties for those who provide devices that can circumvent DRM—now, that opposition has withered away to nothing.

Similarly, Australia has dropped its support of New Zealand's proposal that laws against DRM circumvention could be limited to cases where the circumvention involves an act of copyright infringement. This modest proposal reflects the law in countries such as India, and is consistent with the policy behind a U.S. federal court decision that cleared a company of responsibility for authorizing its users to remove DRM from their lawfully-purchased books, as well as with the Marrakesh Treaty which allows DRM circumvention for the blind and visually impaired. With Chile now also acceding to a related provision that requires the offense of DRM circumvention to be made independent of that of copyright infringement, the last trace of opposition to unbalanced anti-circumvention laws has been stricken from the TPP.

It's doubtless that text has changed again during the last negotiating round, but how much faith can we have that it will have changed in a way that is favorable to users? If we compare the last leaked draft to this one, the minor improvements can be counted on the fingers of one hand, while there are many more provisions that remain as bad as they ever were—and opposition to them is dwindling. Chances are, the main difference between this leak and the current, still-secret text is that users' rights have been sidelined even further in favor of big content lobbyists.

As the output of a thoroughly captured and opaque process, this should come as no surprise. But the inevitability that the TPP will be bad for users doesn't mean that we are resolved to accept its passage into law. It's not too late for you to take action, and help to kill this illegitimate and undemocratic agreement once and for all.


If you're in the United States, sign this petition urging the U.S. Copyright Office to reaffirm its call for balanced policy.

If you're in Canada, take action by sending an email to party leaders urging them to speak out against this unwarranted copyright term extension in the TPP.

If you're in Malaysia, urge your country's negotiators to resist pressure to increase the copyright term by 20 years.

Related Issues: Fair Use and Intellectual Property: Defending the BalanceInternationalTrade Agreements and Digital RightsTrans-Pacific Partnership Agreement
Share this:   ||  Join EFF

Deals of the Day (8-05-2015)

Liliputing -

The Asus Transformer Book T100 is a 10 inch Windows tablet with an Intel Atom Bay Trail processor, long battery life, and a detachable keyboard dock that lets you use the tablet as a notebook. It’s not the best notebook or tablet that money can buy, but it’s cheap, portable, and good enough for many […]

Deals of the Day (8-05-2015) is a post from: Liliputing

Malaysia Doesn't Need Another 20 Years of Copyright

EFF's Deeplinks -

The following is a guest post from Dr Shawn Tan, CEO of Aeste Works, a Malaysian software and hardware engineering firm.

Reading the Copyright Act 1987 of Malaysia, the duration of protection extended to copyright holders is presently enumerated by several provisions under Part III of the Act.

The general duration of protection for literary, musical or artistic works is 50 years after the death of the author. This may be extended for posthumous publications by up to another 50 years if the work was only published well after the death of the author.

If copyright extensions were allowed, this could effectively render a work as protected under copyright for a period of more than 100 years after the death of the author. To say that such an extended period of protection is excessive for a country that is only celebrating its 58th year of independence this year, is an understatement.

To make matters worse, the law applies retrospectively and the copyright extension sought could cover published works from the early days of our nations' birth that are just coming onto public domain, keeping important memories out of the reach of our own artists and local content creators.

For instance, filmmaker and musician Pete Teo could have faced fines or incarceration for mashing up 50-year old video footage of Malaysia's independence ceremony into a new music video by digitally inserting contemporary characters into the footage, if the copyright had been extended before this.

Whenever lawmakers make proposals to strengthen intellectual property law, one of the justifications they give is that intellectual property is essential to provide an incentive for creators, particularly in the high-growth technology and services sectors. However, this is not supported by facts.

The fact that computer software is protected for 50 years after it was published is already pretty much a standing joke in the industry, given that software becomes nothing more than a historical curiosity in a fraction of that length of time. In fact, the technology industry is fast discarding the idea of intellectual property protectionism and finding that open collaboration often produces better results.

All in all, the extension of copyright duration offers nothing but additional costs and complications for Malaysian content creators and technology innovators who do not wish to see our creativity stifled by additional copyright barriers erected all around us.

Malaysia should stand firm and oppose the U.S. forcing us to change our law, to protect Hollywood's profits, and to defend us from intellectual property colonialism instead.

On our TPP's Copyright Trap page we link to more articles about how the threat of copyright term extension under the TPP impacts users around the world.

Related Issues: Trans-Pacific Partnership AgreementTPP's Copyright Trap
Share this:   ||  Join EFF

New Effort to Rebut Torture Report Undermined as Former Official Admits the Obvious

The Intercept -

Former top CIA officials planning a major public-relations campaign to rebut the Senate torture report’s damning revelations have found themselves undermined by one of their own.

Eight former top officials wrangled by Bill Harlow — the former CIA flak who brought us the CIASavedLives.com website after the Senate report was issued last December — are publishing a book in the coming weeks entitled “Rebuttal: The CIA Responds to the Senate Intelligence Committee’s Study of Its Detention and Interrogation Program.”

Meanwhile, however, Alvin Bernard “Buzzy” Krongard, who was the CIA’s executive director from 2001 to 2004 — the number-three position at the agency — was asked on a BBC news program if he thought waterboarding and putting a detainee in painful stress positions amounted to torture.

“Well, let’s put it this way, it is meant to make him as uncomfortable as possible,” he said. “So I assume for, without getting into semantics, that’s torture. I’m comfortable with saying that.”

He added: “We were told by legal authorities that we could torture people.”

The book’s contributors include former CIA directors George Tenet, Porter Goss, and Michael V. Hayden, former deputy directors John McLaughlin and Michael Morrell, former counterterrorist center deputy director J. Philip Mudd, former chief legal counsel John Rizzo, and former head of the clandestine service Jose A. Rodriguez, Jr.

All of them were complicit in the Bush administration torture regime and/or its cover up.

The book is intended to present the “rest of the story,” according to is promotional material. If past protestations from its authors are any guide, the book will also include many spurious examples intended to prove that the program “saved lives.”

As I wrote in December, right after the Senate Intelligence Committee released a redacted version of the executive summary of its report, the fact that torture accomplished nothing is an existential threat to the CIA, because officials there knew from early on that showing it had saved lives was vital to public acceptance, and to avoiding prosecution.

The book will also likely focus on the legal authorizations, which CIA officials have said made them comfortable that what they were doing was not technically torture.

And that’s where Krongard’s confession will be so damaging: It makes it clear that CIA officials knew what torture was, knew they had been given legal cover to torture, and knew they were engaged in torture.

Caption: Screen capture of Alvin Bernard “Buzzy” Krongard from the BBC news program video.

The post New Effort to Rebut Torture Report Undermined as Former Official Admits the Obvious appeared first on The Intercept.

Qualcomm Snapdragon 820 details leaked

Liliputing -

Qualcomm has been one of the dominant players in the smartphone and tablet chip space in recent years,  but the company’s latest high-end processor has taken a bit of heat… literally. Soon Qualcomm will introduce its next-gen powerhouse, but some data about the upcoming Qualcomm Snapdragon 820 processor has leaked a bit early, giving us […]

Qualcomm Snapdragon 820 details leaked is a post from: Liliputing

DHS Agrees with EFF: Senate's CISA "Cybersecurity" Bill Will Damage Privacy

EFF's Deeplinks -

The Department of Homeland Security (DHS), the lead agency tasked with protecting civilian government computer systems, agrees that the Senate's Cybersecurity Information Sharing Act (CISA) is fundamentally flawed. DHS's letter to Senator Al Franken, which voiced many concerns about the bill, joins the chorus of criticisms raised by computer scientists, privacy advocates, and civil society organizations. It's the clearest sign yet that the Senate should kill this bill.

The letter explains why the bill won’t—and can’t—protect users' privacy: CISA simply doesn’t make companies remove unrelated personal information before sending “threat” information to the government.

DHS derides the bill's failure to mandate a privacy scrub of personal data, explaining that DHS will be forced to "contribute to the compromise of personally identifiable information by spreading it further." Companies and the government should be securing our personal information, not sharing it unnecessarily.  

The DHS letter also contradicts, yet again, the tired and tiresome claim that the information shared under CISA will be vital to protecting computers. According to DHS, the bill may not help security because its broad definitions may lead to "receiv[ing] large amounts of information with dubious value." CISA’s defenders seem to think that if some information sharing is good more must be better—right? That’s the same bad logic that undergirded the Section 215 call detail records program, and the same bad logic that defined “relevant” as “everything.” The fact is, companies and the government can (and do) already share technical information through ISACs, private communications, public releases, and the DHS's Enhanced Cybersecurity Service.  

What we’ve not seen is fact-based explanation of why CISA’s massive increase in information sharing is useful from a marginal or incremental benefit perspective—even if we put privacy and civil liberties concerns to the side. It’s just assumed and incanted.  

If CISA’s defenders had to pay attention to facts, they’d have to explain how that increased information sharing would address the recent, highly publicized computer security problems that were caused by unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links. Frankly, not taking basic precautions seems like a much bigger problem than not knowing enough about threats. 

The DHS letter agrees with many of the points we highlighted in last week's Week of Action opposing CISA. It notes that the bill's grant of new spying powers and broad legal immunity could "sweep away important privacy protections, particularly the provisions in the Stored Communications Act." If that sounds familiar, it should: when CISA was first released we warned:

Existing private rights of action for violations of the Wiretap Act, Stored Communications Act, and the Computer Fraud and Abuse Act would be precluded or at least sharply restricted.

DHS also criticized the bill's vague definitions, especially "the expansive definitions of cyber threat indicators and defensive measures in the bill." We agree. And it's only one of the many reasons CISA should die. Unintended consequences result when Congress passes poorly drafted bills. The Senate should finally put this zombie bill to rest. 


The Week of Action saw users send over 6 million faxes to Senators demanding they oppose CISA. Congress has heard from voters, computer security experts, civil society organizations, privacy advocates, and companies opposing CISA. Maybe the Senate will listen to the agency overseeing the current cybersecurity information sharing regime.

We're urging Senators to vote against CISA. It's a flawed bill suffering from serious problems. 

CISA will be up for a vote today. Join us in telling your Senators to oppose CISA.



Share this:   ||  Join EFF

Democracy Now! Wednesday, August 5, 2015

Democracy Now! BitTorrents -

Headlines for August 05, 2015; Juan González: Puerto Rico's Economic "Death Spiral" Tied to Legacy of Colonialism; Give Us the Ballot: The Struggle Continues 50 Years After Signing of the 1965 Voting Rights Act; The Making of Leopoldo López: An Investigation into Venezuela’s Most Prominent Opposition Figure

Samba Server Installation on Debian 8 (Jessie)

HowtoForge - Linux Howtos and Tutorials -

This tutorial explains the installation of a Samba fileserver on Debian 8 and shows you how to configure Samba to share files over the SMB/CIFS the protocol. Samba is configured as a standalone server, not as a domain controller. In the resulting setup, every user has his own home directory, all users have a shared group directory with read-/write access and optionally an anonymous share is added.


Subscribe to debianHELP aggregator