CYBER DRAGNET

Paulus Le Son, a blogger detained in Vietnam since August 2011

Arrests of Dissident Bloggers Continue in Vietnam

As we have previously covered, the Vietnamese government continues to crack down on bloggers and writers who have spoken out against the Communist regime. Alternative news site, Vietnam Redemptorist News, has been targeted by the state and several of their active contributors have been arrested. Paulus Le Son, 26, is one of the most active bloggers who was arrested without a warrant.

Vietnam is increasingly applying vague national security laws to silence free speech and political opposition. He is one of 17 bloggers who have been arrested since August 2011. Charged with “subversion” and “activities aimed at overthrowing the people’s administration”, there is a campaign to release him and the others who have been detained

EFF stands with the Committee to Project Journalists, Reporters Without Borders, and Front Line in calling for the immediate release of all arrested bloggers.

Google Quietly Releases Country-by-Country Take Downs For Blogger

Most of the blogosphere’s attention has been focused on Twitter’s new censorship policies released last week, but Google has quietly unveiled its new policies for its blogging interface, Blogger. The changes reflect a compromise similar to Twitter's, allowing them to target their response to content removal requests by certain states. Over the coming weeks, Google will redirect users to a country-code top-level domain, or “ccTLD”, which corresponds to the user’s current location based upon their IP address. Google also provides users a way to get around these blocks by entering a formatted No Country Redirect or “NCR” URL.

These moves come after pressure from countries like India that are cracking down on social media sites for content deemed “inappropriate”. On Blogger’s FAQ they explain why it has come to this:

Migrating to localized domains will allow us to continue promoting free expression and responsible publishing while providing greater flexibility in complying with valid removal requests pursuant to local law. By utilizing ccTLDs, content removals can be managed on a per country basis, which will limit their impact to the smallest number of readers. Content removed due to a specific country’s law will only be removed from the relevant ccTLD.

As these companies enter new countries, they become subject to local laws. Given that they say they already respond to valid and applicable court orders that could effect global access to certain content, it is in some ways an improvement to limit censorship to the region in which it applies. Google’s policy changes are similar to Twitter’s, which we reacted to last week:

For now, the overall effect is less censorship rather than more censorship, since they used to take things down for all users. But people have voiced concerns that "if you build it, they will come,"--if you build a tool for state-by-state censorship, states will start to use it. We should remain vigilant against this outcome.

The lasting consequences of this new policy cannot be foreseen, in the meantime we will be keeping a close eye on Chilling Effects to track government requests to censor content on Blogger.

China Shuts Down Tibetan Blogs

The Chinese government shut down several independent Tibetan-language blogs on Wednesday. This occurred amid heightened tensions in the decades-long conflict between the minority group and the government. While some of the take-downs leave no explanation, there was one notice by the Chinese state on AmdoTibet, whose blog has been the only page of the site has been taken down. It reads:

Due to some of the blog users not publishing in accordance with the goal of this site, the blog has temporarily been shut down, we hope that blog users will have understanding!

We condemn the Chinese government’s heavy-handed censorship policies, and demand them to stop silencing the Tibetan voice in their country.

Related Issues: Free SpeechBloggers' RightsInternational

At a hearing in the House over the search giant's new privacy policy, subcommittee Chairwoman Mary Bono Mack expresses frustration over what she sees as Google's lack of clarity in answering questions.

Dear Hollywood,

You don’t need us to tell you that your position on anti-"piracy" laws has been unpopular recently. Last month’s historic protests, with millions of Americans registering their opposition, have made that point pretty clear. Instead, we’re writing today to tell you that the Internet can be great for creators and their community, but your own leadership refuses to recognize and take advantage of its promise. It seems they’d rather spend your membership dues on lawyers, lobbyists and astroturf than innovation. We suspect many of you are realizing this, especially when you see how successful new business models can be.

We humbly suggest that you stand up and tell them to either embrace the age of the Internet or get out of the way so that new, forward-thinking industry leaders can take their place.

Hollywood’s leadership painted the push for the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA) as a defense of your jobs — a stance that was cynical at best, as they know the only jobs the bill would save were those of their lawyers. What is worse, by framing a stance against SOPA and PIPA as a betrayal of creators everywhere, they’ve poisoned the debate about the legislation and attempted to mislead you into fighting for bills that won’t put a dent in online infringement but will interfere with the development of ways for creators like you to profit from Internet technologies.

An honest discussion of proposed legislation needs to start with the questions: Is this law necessary? And is it the best solution to the problem? Americans stood up against SOPA and PIPA not because they are “corporate pawns,” as MPAA Chairman Chris Dodd says, but because the answer to both of these questions is a big no.

For one thing, although the studio heads and MPAA leadership claim this legislation is about your jobs, they’re curiously silent about the fact that entertainment spending and revenues are up across the board. In the words of one recent study, the sky isn’t falling — it’s rising. So if you’re concerned about your job, please realize the primary threat does not come from unauthorized downloading. The actor Wil Wheaton suggests that the problem might be closer to home:

I have lost more money to creative accounting, and American workers have lost more jobs to runaway production, than anything associated with what the MPAA calls piracy.

Moreover, as the publisher Tim O’Reilly has explained for a decade now, “obscurity is a far greater threat to authors and creative artists than piracy.”  The Internet is the best tool for publicity and distribution the world has ever known – if you know how to use it.

And though the handful of executives at the top might not have realized that yet, individual creators among you have reached this conclusion and are already profiting from it. At last week’s Sundance festival, even as Dodd and others were lamenting the web’s impact on film, ten percent of the films were financed by pledges through the online fundraising platform Kickstarter. And after film, music projects are Kickstarter’s second largest funding recipients. The music publishing platform Bandcamp now regularly pays out a million dollars to artists each month through sales made on the site. Some of those sales are even made to people who were looking for free content, but were enticed by the friendly purchase process.

Even some label executives, like Craig Davis at EMI, have realized that unauthorized downloading is "a service issue." Or to put it simply, as the musician Jonathan Coulton has written: "Make good stuff, then make it easy for people to buy it. There’s your anti-piracy plan."

The tech community loves creativity, and it wants to support artists, but it’s got a real problem with the people who run Hollywood. As long as it’s worried about Hollywood leadership doing damage to civil liberties and online freedom, the kind of profitable partnerships we know are possible will be difficult to make.

We’ve seen this movie before, and we know how it ends. The right answer to the question that the Internet raised isn't to demonize the tech community and innovators. That strategy failed dramatically against earlier technologies like the VCR, which MPAA President Jack Valenti compared to "the Boston strangler" in a 1982 testimony to Congress. Of course, that innovation opened up the home video market, which is now the source of nearly half of all studio revenue.

SOPA and PIPA were a step in the wrong direction, but it’s not too late to turn this ship around. Please, tell your leaders to support innovation — or get new leaders.

Best of luck,
The Internet

Related Issues: Intellectual PropertyInternet Blacklist Legislation

Right now, representatives from nine countries including the United States are secretly meeting in a luxury hotel in Beverly Hills to negotiate the Trans-Pacific Partnership Agreement, a trade agreement with the potential to contain intellectual property provisions that go beyond ACTA. These secret meetings could create over-reaching new rules and standards that will choke off the online speech of individuals, websites, and platforms accused of copyright infringement.

But because the meetings are held behind closed doors and the text has not been released to the public, the citizens who will be affected do not know the details and don’t have a voice.

Click here to join EFF in demanding a Congressional hearing so lawmakers can learn what’s in the TPP and hear from all affected stakeholders, not just the content industry.

Yesterday, EFF International Rights Director Katitza Rogriguez checked in with protestors outside ongoing TPP meetings in Los Angeles. Katitza reported:

The energy at the rally was intoxicating. And the people were right to protest: TPP is one more in a long line of global copyright initiatives that are putting Internet users last. All over the world, people are saying enough is enough.

This week of negotiations in Los Angeles is a crucial moment for the TPP. Please contact your lawmakers today and let them know that we will not be left in the dark. Demand to know what's in the Trans-Pacific Partnership Agreement.

Related Issues: Intellectual PropertyInternationalTrans-Pacific Partnership Agreement

EFF Formally Requests Retention of Materials Stored on Megaupload’s Services

San Francisco - The Electronic Frontier Foundation (EFF) today formally requested the preservation of the data seized when the U.S. government shut down Megaupload.com and related sites, notifying the court and attorneys involved in the case that Megaupload's innocent users deserve a fair process to control and retrieve their lawful material.

"The government knows that Megaupload had many customers who followed the law. Yet it gave those users no notice that their data was at risk and no information about how they might be able to eventually get that data back," said EFF Staff Attorney Julie Samuels. "Our client, and the many other innocent Megaupload users, are entitled to a clear process for obtaining access to their own property, and the first step is to make sure that property is not deleted or damaged until the court can sort this out."

Instead of assisting the innocents caught up in the seizure, the U.S government summarily announced this week that it had finished its examination of Megaupload's servers and announced that the companies that owned those servers – Carpathia and Cogent – were free to delete the contents. The government even stated that deletions could start as soon as February 2, leaving innocent users with very little time to protect themselves. Thankfully, both hosting services have agreed not to destroy users' data for the time being, and it appears that Megaupload is trying in good faith to help users get access. But there is still no clear path for customers to get their content back.

"Megaupload's innocent users are entitled to access their property," said EFF Legal Director Cindy Cohn. "We hope that everyone involved can work together to comply with the law and ensure basic fairness to the millions of people who have done nothing wrong."

This week, Carpathia Hosting and EFF announced that Carpathia created a website at www.megaretrieval.com so that Megaupload’s lawful customers could contact EFF and provide information about the scope of the issue and the material made unavailable by the seizure.  If you are one of these users, are based in the United States, and are looking for legal help retrieving your data, please email your contact information to megauploadmissing@eff.org.

For the full letter sent to the court:
https://www.eff.org/document/letter-court

For more on this case:
https://www.eff.org/cases/megaupload-data-seizure

Contacts:

Julie Samuels
   Staff Attorney
   Electronic Frontier Foundation
   julie@eff.org

Cindy Cohn
   Legal Director
   Electronic Frontier Foundation
   cindy@eff.org

It Shouldn't Take a Letter from Congress for Google to Give Straight Answers About Privacy Policy Changes

Last week, Google announced a new, simplified privacy policy. They did a great job of informing users that the privacy policy had been changed through emails and notifications, and several experts (including Ontario’s Privacy Commissioner Dr. Ann Cavoukian) have praised the shift toward a simpler, more unified policy. Unfortunately, while the policy might be easier to understand, Google did a less impressive job of publicly explaining what in the policy had actually been changed.  In fact, it took a letter from eight Representatives to persuade them to provide straightforward answers to the public about their new policy.   

Here’s what you need to know about the substantive changes in the new policy:

1. Up until March 1, 2012, the data Google collected on you when you used YouTube was carefully cabined away from your other Google products. So, in effect, Google could use data they collected on YouTube to improve and customize the users’ YouTube experience, but couldn’t use the data to customize and improve user experience on, say, Google+.
2. The same siloing took place for your search history. Previously, Google search data was kept separate from other products. Even when users were logged in, Google promised not to share the information they gathered about you from your Google search history when customizing their other products. Considering how uniquely sensitive user search history can be (indicating vital facts about your location, interests, age, sexual orientation, religion, health concerns, and much more), this was an important privacy protection. 

The new privacy policy removes the separation between YouTube, Google search, and other Google products. By describing the change as "treat[ing] you as a single user," Google intends to remove the privacy-protective separations from YouTube and Google search

Unfortunately, Google’s original explanation left much to be desired.  The policy’s overview page said nothing about the substantive changes that were occurring in the policy, and the FAQ was equally vague:

What’s different about the new Privacy Policy?

First, we’ve rewritten the main Google Privacy Policy from top to bottom to be simpler and more readable. The new policy replaces more than 60 existing product-specific privacy documents. This all should make it easier for you to learn about what data we collect and how we use it.

Second, the new policy reflects our efforts to create one beautifully simple, intuitive user experience across Google. It makes clear that, if you have a Google Account and are signed in, we may combine information you’ve provided from one service with information from other services. In short, we can treat you as a single user across all our products.

"Beautifully simple" and the ability to "treat you as a single user" don’t actually get at the kernel of what changed: that they are specifically enacting a change to how they treat data they collect through YouTube and search history. To be clear, they aren’t collecting more information, but they are sharing that information in a new way.

We were heartened to see the letter and Q&A Google published yesterday in response to the questions from Congress in which they gave straight answers about their new policy. They stated:

Specifically, our policies meant that we couldn’t combine data from YouTube and search history with other Google products and services to make them better. So if a user who likes to cook searches for recipes on Google, we are not able to recommend cooking videos when that user visits YouTube, even though he is signed in to the same Google Account when using both.

This is a great deal clearer than their original notification, so we applaud that. It’s unfortunate that it took a letter from Congress to get them to give the public straightforward explanations.

For individuals who would like to continue using Google products, but want to create some type of silo between Google search, YouTube, and other products, there is an option to set up multiple Google accounts. Users can set up two or more accounts as long as they have different Gmail addresses; however, individuals using this strategy to protect their privacy should be careful not to commingle-consider using separate browsers for each of your Google accounts. To be extra careful, users might want to use the Data Liberation tool to grab a copy of all of their data from a particular Google product, delete the data from the original account, and then upload that data onto the new account. For example, an individual might set up a secondary Google account for browsing and sharing YouTube videos. She could then download all of her existing YouTube videos to her computer, delete them from her primary Google profile, and then use a separate browser to upload them to a new secondary Google account. Unfortunately, this is a somewhat laborious process. To help users who wish to keep separate accounts, Google should make the process simpler and easier.

Users who are concerned about search privacy can find additional advice in our whitepaper: 6 Tips to Protect Your Search Privacy.

Related Issues: PrivacySearch Engines

Apple's attempts at getting Samsung's Galaxy Tab 10.1N and Galaxy Nexus smartphone banned from sale in the country have been rejected by a German judge.

Originally posted at Apple Talk

roundup The Stop Online Piracy Act is intended to target "rogue" Web sites, but critics say it'll knock the stuffing out of legitimate sites as well.

Originally posted at News - Digital Media

The feds adopt major reforms to a subsidy program for low-income families and introduce a new pilot program to subsidize broadband.

Originally posted at Signal Strength

In the media firestorm surrounding the recent Megaupload takedown, there has been little lacking in the way of drama (police helicopters, midnight raids, safe rooms, shotguns, and inflatable tanks, for starters). The legal battles between the government and Megaupload are unlikely to end soon. In the meantime, however, many ordinary users of Megaupload’s services have been swept up in the government’s dragnet, and, as a consequence, have lost access to their own data.

Megaupload, of course, had many lawful customers (see here and here, for example). Yet those people were given no notice that they might lose access to their data and no clear path to getting their property back. Setting aside the legal case against Megaupload, the government should try to avoid this kind of collateral damage, not create it.

We learned yesterday that the government has finished its investigation of Megaupload’s servers and claims that the companies that own those servers – Carpathia and Cogent – are free to delete their contents. Luckily, those companies aren't following the government's example of shooting first and asking later. To that end, Carpathia has put together a site at www.megaretrieval.com where Megaupload customers can contact EFF and provide information to help assess the scope of the issue and possible responses.

If you believe you are one of these users, are based in the United States, and are looking for legal help to retrieve your data, please email your contact information to Megauploadmissing@eff.org. While we will try to respond to everyone, you should understand that we are still at the preliminary stages of our investigation.

Files:  Jan_24_govt_letter.pdfRelated Issues: Free SpeechIntellectual PropertyFile SharingRelated Cases: Megaupload Data Seizure

AT&T asked the FCC not to restrict Dish from transferring or leasing its wireless spectrum, but also to make the satellite provider build a network quickly.

Originally posted at Signal Strength

Defendants Told They Must Reveal Their Identities Before Fighting to Protect Anonymity

San Francisco - The Electronic Frontier Foundation (EFF) has asked a federal judge in Washington, D.C., to protect the identities of individuals sued in a mass copyright lawsuit involving pornographic materials.

In this case, adult film company Hard Drive Productions sued 1495 unnamed Internet users, claiming they illegally downloaded copyrighted pornographic material. Some of these defendants moved to quash subpoenas aimed at revealing their identity. Many filed those motions under seal, to protect their anonymity until the motions are decided.

Last month, a judge issued a "Catch-22" order, requiring these individuals to reveal their identities before their motions – which were made to protect their identities – could proceed. In a friend of the court brief filed Monday, EFF argues that this requirement could induce defendants to settle their lawsuits in order to avoid the embarrassment, humiliation, or expense, instead of getting to the merits of the case.

"These subpoenas need to be considered in the context in which this case was brought," said EFF Staff Attorney Mitch Stoltz. "The plaintiffs here hope to take advantage of the stigma associated with pornography – as well as the threat of an expensive court battle – to induce people to settle no matter what their defenses might be. If defendants can't fight the exposure of their identities without exposing their identities, then the plaintiffs have already won."

The case is one of a growing number of mass copyright lawsuits that do not appear to be filed with any intention of litigating them. Instead, once identities of suspected infringers are obtained from ISPs, the plaintiffs send settlement letters offering to make the lawsuit go away for a few thousand dollars. A ruling on whether a film company may obtain identities of anonymous Internet users may be the last chance for defendants to be heard by the court.

EFF's brief explains both the speech implications of the ruling and the importance of the court rules that protect defendants, given the numerous ways these mass lawsuits violate due process.

"All that the plaintiffs need here to pursue their settlement shake-down scheme is the identity of the anonymous defendants," said EFF Intellectual Property Director Corynne McSherry. "These defendants have a First Amendment right to argue for their anonymity without the court forcing them to moot that argument from the start. We're asking for these motions to quash to go forward without requiring them to be unsealed, and we're also asking the court to throw this case out given the basic due process flaws."

For the full amicus brief:
https://www.eff.org/document/amicus-brief-hard-drive-productions-v-does-1-1495

For more on copyright trolls:
https://www.eff.org/issues/copyright-trolls

Contacts:

Corynne McSherry
   Intellectual Property Director
   Electronic Frontier Foundation
   corynne@eff.org

Mitch Stoltz
   Staff Attorney
   Electronic Frontier Foundation
   mitch@eff.org

commentary The justices have ruled that GPS tracking requires a warrant. Now Congress needs to act to balance privacy and public safety regarding location data.

This January 28 marks International Privacy Day. Different countries around the world are celebrating this day with their own events. This year, we are honoring the day by calling attention to recent international privacy threats and interviewing data protection authorities, government officials, and activists to gain insight into various aspects of privacy rights and related legislation in their own respective countries.

---

As part of International Privacy Day, the EFF asked data protection authorities, politicians, and activists about privacy related issues and concerns for 2012. In addition to the individuals highlighted in our previous posts, EFF heard back from the Council of Europe, the European Data Protection Supervisor (EDPS), and activists from Canada, France and Spain. In various ways, all of the responses focused on government surveillance or data protection laws. For the Council of Europe and European Data Protection Supervisor, the focus was on data protection agreements, while the activists were mindful of the ever-increasing power of government authorities to surveil their citizens

This year, the Council of Europe will focus on modernizing the 1987 Recommendation on the use of personal data in the police sector. This recommendation created basic principles for collecting, storing, and using citizens' personal data by the police. Sophie Kwasny, Head of the Data Protection Unit at the Council of Europe emphasized the need for updating the 1987 agreement as law enforcement is a massive user of both private and public data.

The EDPS will also play a vital role in government data protection and privacy as it comments on the 2012 European Commission new legislative proposal in the area of police and justice. In a recent press release, the EDPS regretted over the inadequate rules in this area. He expressed concern  over the lack of stricter rules for the transfer of personal data outside the EU, the unregulated ability for police to access data stored by private companies, and the lack of power given to data protection authorities’ ability to oversee and control the processing of such personal data. In the coming weeks, the EDPS will release a full opinion on the legislation.

Despite the fact that the activists hailed from different countries, the expansive use of government surveillance and corporate data was a shared concern in their answers to a question about the major threats to privacy in 2012. Sophie Kawsny's answers from the Council of Europe described "Internet firms" who are "being asked to hand over personal data" as well as "software silently capturing every little piece of information provided by keystrokes" as major threats to watch for in 2012.

Ms. Kawsny's answer was reflected in Victor Domingo's answer. Mr. Domingo, President of Asociacion de Internautas (AI) Spain, discussed the creation of SITEL, Sistema Integrado de Interceptación de Telecomunicaciones, (Integrated System of Telecommunications Interception), software that intercepts peoples’ traffic data. Over the past few years, Spaniards learned that the program was used by the government to intercept (in real-time) the identity of callers, the place where they call, and other metadata associated with their phone number. La Asociacion de Internautas has widely criticized SITEL, as well as the Spanish government, for the lack of legal safeguards on the protection of these data. The Asociacion de Internautas in Spain has argued that the mere interception of traffic data constitutes the interception of communications because it allows one to know the data of who communicates with whom, the frequency, and for how long.

In France, a rapid increase of the use of police databases continues to be an important issue since 2002. In his interview, French activist and journalist at Owni.fr, Jean Marc Manach discussed the improper use of police databases by the French police. Since 2002, it has been uncovered that 44 out of 80 French police databases had no legal basis. The databases range from criminal charges to biometrics, and includes a database dedicated to suspected criminals. In a 2008 investigation into one of the biggest databases, the French data projection authorities found 83% of the files contained errors. These law enforcement databases are an going issue in France.

While Mr. Manach was concerned about the actual number and reliability of government databases, Michael Vonn, the Policy Director of the BC Civil Liberties Association, the oldest civil liberties group based in Canada, voiced concerns about "intelligence-led policing," which is "increasingly being used to stifle political dissent and target activists." In her response, Ms. Vonn noted the major cases of law enforcement abuse in 2011: the recently revealed years-long extensive surveillance of First Nations people and Aboriginal rights supporters and the largest undercover police operation carried out during the Vancouver Olympics and Toronto G-20 demonstrators.

As storing data gets easier, the government's appetite for storing, using, and analyzing citizen data only increases. In 2012, the Council of Europe and the European Commission will be working on ways to improve directives aimed at local law enforcement. We hope that EU data protection authorities play a vital role in protecting citizen's privacy rights.

Related Issues: InternationalInternational Privacy StandardsPrivacy

This January 28 marks International Privacy Day. Different countries around the world are celebrating this day with their own events. This year, we are honoring the day by calling attention to recent international privacy threats and interviewing data protection authorities, government officials, and activists to gain insight into various aspects of privacy rights and related legislation in their own respective countries.

---

Throughout history, there have been a number of reasons why individuals have taken to writing or producing art under a pseudonym. In the 18th century, James Madison, Alexander Hamilton, and John Jay took on the pseudonym Publius to publish The Federalist Papers. In 19th century England, pseudonyms allowed women--like the Brontë sisters, who initially published under Currer, Ellis, and Acton Bell--to be taken seriously as writers.

Today, pseudonyms continue to serve a range of individuals, and for a variety of reasons. At EFF, we view anonymity as both a matter of free speech and privacy, but in light of International Privacy Day, January 28, this piece will focus mainly on the latter, looking at the ways in which the right to anonymity--or pseudonymity--is truly a matter of privacy.

Privacy from employers

Human beings are complex creatures with multiple interests. As such, many professionals use pseudonyms online to keep their employment separate from their personal life. One example of this is the Guardian columnist GrrlScientist who, upon discovering her Google+ account had been deleted for violating their “common name” policy, penned a piece explaining her need for privacy. Another example is prominent Moroccan blogger Hisham Khribchi, who has explained his use of a pseudonym, stating:

When I first started blogging I wanted my identity to remain secret because I didn’t want my online activity to interfere with my professional life. I wanted to keep both as separate as possible. I also wanted to use a fake name because I wrote about politics and I was critical of my own government. A pseudonym would shield me and my family from personal attacks. I wanted to have a comfortable space to express myself freely without having to worry about the police when I visit my family back in Morocco.

Though Khribchi’s reasoning is two-fold, his primary concern--even stronger than his need for protection from his government--was keeping his online life separate from his employment.

Even Wael Ghonim--the now-famous Egyptian who helped launch a revolution--conducted his activism under a pseudonym...not to protect himself from the Egyptian government, but rather because he was an employee of Google and wanted to maintain an air of neutrality.

Privacy from the political scene

In 2008, an Alaskan blogger known as “Alaska Muckraker” (or AKM) rose to fame for her vocal criticism of fellow Alaskan and then-McCain-running-mate Sarah Palin. Later, after inveighing against a rude email sent to constituents by Alaska State Representative Mike Doogan, AKM was outed--by Doogan--who wrote that his “own theory about the public process is you can say what you want, as long as you are willing to stand behind it using your real name.”

AKM, a blogger decidedly committing an act of journalism, could have had any number of reasons to remain anonymous. As she later wrote:

I might be a state employee. I might not want my children to get grief at school. I might be fleeing from an ex-partner who was abusive and would rather he not know where I am. My family might not want to talk to me anymore. I might alienate my best friend. Maybe I don't feel like having a brick thrown through my window. My spouse might work for the Palin administration. Maybe I'd just rather people not know where I live or where I work. Or none of those things may be true. None of my readers, nor Mike Doogan had any idea what my personal circumstances might be.

Though Doogan claimed that AKM gave up her right to anonymity when her blog began influencing public policy, he’s wrong. In the United States, the right to anonymity is protected by the First Amendment and must remain so, to ensure both the free expression and privacy rights of citizens.

Similarly, in 2009, Ed Whelans, a former official with the Department of Justice, outed anonymous blogger John Blevins--a professor at the South Texas College of Law--in the National Review, calling him “irresponsible”, and a “coward.” Blevins took the fall gracefully, later explaining why he had chosen to blog under a pseudonym. Like Khribchi, Blevins’ reasons were numerous: He feared losing tenure and legal clients, but he also feared putting the jobs of family members in the political space at risk.

Privacy from the public eye

A friend of mine--let’s call him Joe--is the sibling of a famous celebrity. But while he’s very proud of his sibling, Joe learned early on that not everyone has his best interests at heart. Therefore, Joe devised a pseudonym to use online in order to protect the privacy of himself and his family.

In Joe’s case, the threat is very real: celebrities are regularly stalked, their houses broken into. His pseudonym keeps him feeling “normal” in his online interactions, while simultaneously protecting his sibling and the rest of his family from invasions of privacy.

Achieving anonymity online

Anonymity and pseudonymity may seem increasingly difficult to achieve online. Not only do companies like Facebook restrict your right to use a pseudonym, but even when you do think you're anonymous, you might not be--as blogger Rosemary Port found out in 2009 after Google turned over her name in response to a court order.

While we should continue to fight for our privacy under the law, the best thing we can do as users to who value our right to anonymity is to use tools like Tor. Anonymous bloggers can use Global Voices Advocacy's online guide to blogging anonymously with WordPress and Tor. And all Internet users should educate themselves about what is--and isn't--private on their online accounts and profiles.

Related Issues: Free SpeechAnonymityInternationalPrivacy

This January 28 marks International Privacy Day. Different countries around the world are celebrating this day with their own events. This year, we are honoring the day by calling attention to recent international privacy threats and interviewing data protection authorities, government officials, and activists to gain insight into various aspects of privacy rights and related legislation in their own respective countries.

We interviewed Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada. Commissioner Cavoukian has dedicated herself to speaking out against the Canadian "lawful access" bills, and understands the threat of law enforcement's warrantless access to user data. She is also a strong supporter of "Privacy by Design" and her office has worked hard to develop this concept into a strategy for dealing with privacy concerns in a rapidly changing technical environment.

We asked Cavoukian about her long-standing commitment to upholding privacy in Canada.

[These are excerpts. The interview in its entirety is attached below.]

In your opinion, which will be one of the major threats to privacy in 2012?

The application of new technologies that facilitate collecting detailed information about people’s lives continue to create unique challenges and threats to individual privacy rights. Business and, by consequence, law enforcement, will be attracted to the capability of these new technologies to provide faster and better data on which to make decisions; but this is not an “either-or” situation–privacy needs to be at the forefront. Businesses must think beyond security–while security is essential to privacy, it does not equal privacy ~ ideally, they should adopt a Privacy by Design approach.

The most serious threats to privacy arise from misconceptions about privacy in the popular press and are spreading like wildfire.

• Misconception #1 – Privacy is dead or obsolete; 
• Misconception #2 – Privacy stops us from performing our jobs;
• Misconception #3 – With the massive growth of new information technologies, you cannot have both widespread connectivity and privacy – wrong!

Not only do these misconceptions contradict one another, they are dead wrong! Privacy is alive and well, and more relevant than ever. Consider, for example, that the same technologies that serve to threaten privacy may also be enlisted to its support. Properly understood, privacy is becoming increasingly critical to achieving success in the new economy. In this environment, Privacy by Design offers a principled, flexible, and technology-neutral vehicle for engaging with privacy issues, and for resolving them in ways that support multiple outcomes in a full functionality, positive-sum, win-win scenario. 

In the consumer privacy and data protection realm, which is the most important legislative and/or policy effort for 2012 that will affect citizen's privacy rights in your country?

[One] important legislative effort in Canada is the reintroduction of federal Bill C-12, the proposed Safeguarding Canadians’ Personal Information Act. If passed, Bill C-12 will include defining what constitutes “valid consent” in the Personal Information and Electronic Documents Act with regard to the collection, use, and disclosure of personal information. The bill will also likely expand the number of circumstances where personal information may be collected, used, and disclosed without an individual’s knowledge or consent. Finally, the bill may implement mandatory reporting of “material breaches of security safeguards” to the Privacy Commissioner of Canada.

Internationally, the European Union intends to harmonize its data protection laws to allow companies to operate across the 27-country bloc under one data protection regulation. This proposed regulation would enhance the privacy rights of all individuals whose personal information is processed in Europe (i.e., not just Europeans’ personal information) and may also require companies to take a Privacy by Design approach to protecting personal information, including implementing Privacy by Design default settings for their business practices and IT systems.

In the U.S., it is unlikely that Congress will pass privacy legislation this year. However, both the Commerce Department and the Federal Trade Commission (“FTC”) are set to release separate final reports with recommendations on how to improve online privacy. It is expected that the FTC report will include support for a system that would give consumers a choice on whether they want to be tracked online. The Commerce Department’s report will likely advocate privacy legislation that includes providing consumers with notice about the information being collected about them, choice, access to the information, and security to ensure that data is protected.

In your opinion, which is the most important legislative or policy effort impacting citizen's privacy vis-a-vis the government in 2012?

In Canada, a worrisome legislative proposal likely to affect the privacy of all Canadians in 2012 is the anticipated reintroduction of federal “lawful access” bills. If passed in their original form, these bills will provide the police with a much greater ability to access and track information, via the communications technologies that Canadians now take for granted, including in some circumstances, without a warrant or any judicial oversight.

In view, this represents a looming system of “Surveillance by Design,” that should concern everyone in a free and democratic society. In this day and age of 24/7 online expanded connectivity and immediate access to digitized information, new analytic tools and algorithms now make it possible not only to link a number with an identifiable individual, but also to combine information from multiple sources, ultimately creating a detailed personal profile of a personally-identifiable individual.

• Bill C-50 would make it easier for the police to obtain judicial approval of multiple tracking warrants and production orders, to access and track e-communications.
• Bill C-51 would give the police new powers to obtain court orders for remote live tracking, as well as weaker suspicion-based orders (rather than based on a “reasonableness” standard) requiring telecommunication service providers and other companies to preserve and turn over data of interest to the police.
• Bill C-52 would require telecommunication service providers to build and maintain intercept capability into their networks for use by law enforcement, and would give the police warrantless power to access subscriber information–including IP addresses and personally-identifiable information that goes far beyond address and phone number.

My office holds the various police services in the highest regard and has a deep appreciation for the critical functions performed by law enforcement. However, I oppose legislation that lacks proper judicial oversight, or is deficient in transparency and openness; these elements are vital in a free and democratic society. We must be vigilant in not allowing the admitted investigative needs of police forces to interfere with our constitutional right to be secure from unreasonable state surveillance. The proposed surveillance powers would come at the expense of the necessary privacy safeguards guaranteed under the Canadian Charter of Rights and Freedoms.

Properly supervised, surveillance powers can be invaluable to law enforcement. However, it is equally true that where individuals are subject to unwarranted suspicions, or evidence is poorly handled, or erroneous conclusions are hastily drawn, the consequences for innocent individuals can be devastating. Recent national security-related investigations make this all too clear (e.g., Maher Arar).

Like other Canadian provincial, territorial and federal privacy commissioners, I have been strongly urging the federal government to re-draft these bills, in recognition of the sensitivity of the data being collected. At a minimum, the proposed legislation should not proceed unless it contains adequate judicial authorization and accountability provisions, in order to preserve the vital elements of openness and transparency that are fundamental to Canada’s free and democratic society. Public Parliamentary hearings must also be scheduled to ensure that civil society, as well as the telecommunications industry, has a full opportunity to provide their input.

Which is the most important privacy case either heard by the Supreme Court in the past year, and/or anticipated to come before it in the coming year? Any major case-law victories on privacy last year?

Several Canadian cases strike me as having significant privacy implications:

(1)    Emms et al. v. R.: In March of 2012, the Supreme Court of Canada will hear five related cases from persons who are appealing criminal convictions following jury trials where the Crown and police conducted background checks on prospective jurors. These appeals are part of a larger problem of "jury vetting" that was uncovered in 2009 and investigated by my office (see report entitled Excessive Background Checks Conducted on Prospective Jurors: A Special Investigation Report). The decision of the Court is likely to provide important guidance about the limits of government intrusion into the personal lives of prospective jurors. I have asked the Court for leave to intervene in the case as an Amicus Curiae.

(2)    Jones v. Tsige: One of the most significant Canadian privacy cases in the past twelve months was last week’s decision of the Ontario Court of Appeal in my jurisdiction that recognized a new common law tort for persons who have had their personal privacy violated. In order to establish this new tort of “intrusion of seclusion,” a plaintiff must show that: (a) the defendant’s conduct was intentional or reckless; (b) the defendant invaded, without lawful justification, the plaintiff’s private affairs or concerns; and (c) a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. While it is unclear as to whether any of the parties will seek leave to have this case heard by the Supreme Court of Canada, given the significance of the legal issues, there is a strong chance that the Court would agree to hear the case if leave was sought.

~

This is a guest blogpost. We do not necessarily endorse the views expressed.

Files:  Ontario-Commissioner.pdfRelated Issues: InternationalInternational Privacy StandardsPrivacy

A newly unearthed e-mail exchange between Apple's Steve Jobs and Google's Eric Schmidt shows Jobs actively telling Google not to try to hire its employees, resulting in the firing of at least one recruiter.

Originally posted at Apple Talk

Ethiopian blogger smacked with life sentence

According to the Committee to Protect Journalists, Ethiopian blogger Elias Kifle was handed a life sentence in absentia this week for his coverage of banned opposition groups.  Kifle, who lives in the United States, is editor of the Washington-based opposition website Ethiopian Review and was previously handed a life sentence, in 2007, on charges of treason. Kifle was sentenced along with columnist Reeyot Alemu and editor Woubshet Taye, both of whom live and work in Ethiopia and received 14-year prison sentences.

EFF condemns the decision by the Addis Ababa court and echoes CPJ's call to the Supreme Court to reverse the convictions.

Tunisian fight for Internet freedom continues

EFF has stood behind the Tunisian Internet Agency (ATI) in its fight to keep the Tunisian Internet free and open. Next month, reports Global Voices, the ATI will stand in Tunisia's highest court, the Court of Cassation, for a final appeal against the decision to force it to implement filtering of pornographic content.

In the article, author Afef Abrougui points out that now-President Moncef Marzouki had previously opposed the allocation of funds for the purchase of Internet censorship equipment, but now supports "red lines" limiting freedom of expression. Though the decision to block pornography is supported by a number of Tunisian citizens, there is significant opposition, mainly a result of lingering sentiment toward the oppressive censorship policies during the Ben Ali era.

EFF upholds its support for the ATI and will stand behind them in their appeal next month.

Polish citizens protest ACTA

EFF has written extensively on our opposition to ACTA. That opposition is not merely the domain of rights groups in the United States, however, as was demonstrated this past week when Polish citizens took to the streets to express their opposition to the bill. The Warsaw Voice reported thousands of street protesters, while Global Voices reported more than 900 Polish websites going dark in protest on January 24.

As we have stated, "ACTA may have been signed by public officials, but it’s crystal clear that they are not representing the public interest." We encourage the international community to lobby their local representatives to oppose this bill.

Related Issues: Free SpeechInternationalAnti-Counterfeiting Trade Agreement

Yesterday, Twitter announced in a blog post that it was launching a system that would allow the company to take down content on a country-by-country basis, as opposed to taking it down across the Twitter system. The Internet immediately exploded with allegations of censorship, conspiracy theories about Twitter’s Saudi investors and automated content filtering, and calls for a January 28 protest. One thing is clear: there is widespread confusion over Twitter's new policy and what its implications are for freedom of expression all over the world.

Let’s get one thing out of the way: Twitter already takes down some tweets and has done so for years. All of the other commercial platforms that we're aware of remove content, at a minimum, in response to valid court orders. Twitter removes some tweets because they are deemed to be abuse or spam, while others are removed in compliance with court orders or DMCA notifications. Until now, when Twitter has taken down content, it has had to do so globally. So for example, if Twitter had received a court order to take down a tweet that is defamatory to Ataturk--which is illegal under Turkish law--the only way it could comply would be to take it down for everybody. Now Twitter has the capability to take down the tweet for people with IP addresses that indicate that they are in Turkey and leave it up everywhere else. Right now, we can expect Twitter to comply with court orders from countries where they have offices and employees, a list that includes the United Kingdom, Ireland, Japan, and soon Germany.

Twitter's increasing need to remove content comes as a byproduct of its growth into new countries, with different laws that they must follow or risk that their local employees will be arrested or held in contempt, or similar sanctions. By opening offices and moving employees into other countries, Twitter increases the risks to its commitment to freedom of expression. Like all companies (and all people) Twitter is bound by the laws of the countries in which it operates, which results both in more laws to comply with and also laws that inevitably contradict one another. Twitter could have reduced its need to be the instrument of government censorship by keeping its assets and personnel within the borders of the United States, where legal protections exist like CDA 230 and the DMCA safe harbors (which do require takedowns but also give a path, albeit a lousy one, for republication).

Twitter is trying to mitigate these problems by only taking down access to content for people coming from IP addresses the country seeking to censor that content. That's good. For now, the overall effect is less censorship rather than more censorship, since they used to take things down for all users. But people have voiced concerns that "if you build it, they will come,"--if you build a tool for state-by-state censorship, states will start to use it. We should remain vigilant against this outcome.

In the meantime, Twitter is taking two additional steps to ensure that users know that the censorship has happened. First, they are giving users notice when they seek that content. Second, they are sending the notices they receive to the Chilling Effects Project, which publishes the orders, creating an archive. Note: EFF is one of the partners in the Chilling Effects project. So far, of very big websites only Google and Wikipedia are this transparent about what they take down or block and why. When Facebook takes down a post, there is no public accountability at all. Through Chilling Effects, users can track exactly what kinds of content Twitter is being asked to censor or take down and how that happened.

So what should Twitter users do? Keep Twitter honest. First, pay attention to the notices that Twitter sends and to the archive being created on Chilling Effects. If Twitter starts honoring court orders from India to take down tweets that are offensive to the Hindu gods, or tweets that criticize the king in Thailand, we want to know immediately. Furthermore, transparency projects such as Chilling Effects allow activists to track censorship all over the world, which is the first step to putting pressure on countries to stand up for freedom of expression and put a stop to government censorship.

What else? Circumvent censorship. Twitter has not yet blocked a tweet using this new system, but when it does, that tweet will not simply disappear—there will be a message informing you that content has been blocked due to your geographical location. Fortunately, your geographical location is easy to change on the Internet. You can use a proxy or a Tor exit node located in another country. Read Write Web also suggests that you can circumvent per-country censorship by simply changing the country listed in your profile.

Related Issues: Free SpeechInternational

If there’s one thing that encapsulates what’s wrong with the way government functions today, ACTA is it. You wouldn’t know it from the name, but the Anti-Counterfeiting Trade Agreement is a plurilateral agreement designed to broaden and extend existing intellectual property (IP) enforcement laws to the Internet. While it was only negotiated between a few countries,1 it has global consequences. First because it will create new rules for the Internet, and second, because its standards will be applied to other countries through the U.S.’s annual Special 301 process. Negotiated in secret, ACTA bypassed checks and balances of existing international IP norm-setting bodies, without any meaningful input from national parliaments, policymakers, or their citizens. Worse still, the agreement creates a new global institution, an "ACTA Committee" to oversee its implementation and interpretation that will be made up of unelected members with no legal obligation to be transparent in their proceedings. Both in substance and in process, ACTA embodies an outdated top-down, arbitrary approach to government that is out of step with modern notions of participatory democracy.

The EU and 22 of its 27 member states signed ACTA yesterday in Tokyo. This news is neither momentous nor surprising. This is but the latest step in more than three years of non-transparent negotiations. In December, the Council of the European Union—one of the European Union’s two legislative bodies, composed of executives from the 27 EU member states—adopted ACTA during a completely unrelated meeting on agriculture and fisheries. Of course, this is not the end of the story in the EU. For ACTA to be adopted as EU law, the European Parliament has to vote on whether to accept or reject it.

In the U.S., there are growing concerns about the constitutionality of negotiating ACTA as a “sole executive agreement”.  This is not just a semantic argument. If ACTA were categorized as a treaty, it would have to be ratified by the Senate. But the USTR and the Administration have consistently maintained that ACTA is a sole executive agreement negotiated under the President’s power. On that theory, it does not need Congressional approval and thus ACTA already became binding on the US government when Ambassador Ron Kirk signed it last October.

But leading US Constitutional Scholars disagree. Professors Jack Goldsmith and Larry Lessig, questioned the Constitutionality of the executive agreement classification in 2010:

The president has no independent constitutional authority over intellectual property or communications policy, and there is no long historical practice of making sole executive agreements in this area. To the contrary, the Constitution gives primary authority over these matters to Congress, which is charged with making laws that regulate foreign commerce and intellectual property.2

(And by the way, we agree [pdf].)

Senator Ron Wyden has been asking these questions for years, first demanding an explanation from USTR ambassador Ron Kirk, President Obama, and now the administration’s top international law expert Harold Koh. The distinction between executive agreement and treaty should not be lost on this administration: as a Senator, Vice President Joe Biden used the same argument to require the Bush administration to seek Senate approval for an arms reduction agreement.

Public interest groups and informed politicians have long lamented these problems with ACTA. But the impact of dubious backroom law-drafting is getting fresh attention in light of the powerful global opposition movement that has emerged out of last week’s Internet blackout protests. Activists and netizens all around the world have woken up to the dangers of overbroad enforcement law proposals drafted by monopoly industry lobbyists, and rushed into law through strategic lobbying by the same corporate interests that backed SOPA and PIPA. Tens of thousands are protesting in the streets in Poland as their ambassador signed the agreement in Tokyo. The EU Parliament’s website and others have come under attack for their involvement in these laws. The Member of the European Parliament who was appointed to be the rapporteur for ACTA in the European Parliament, Kader Arif, quit yesterday in protest. In a statement he said:

I want to denounce in the strongest possible manner the entire process that led to the signature of this agreement: no inclusion of civil society organisations, a lack of transparency from the start of the negotiations, repeated postponing of the signature of the text without an explanation being ever given, exclusion of the EU Parliament's demands that were expressed on several occasions in our assembly…

…This agreement might have major consequences on citizens' lives, and still, everything is being done to prevent the European Parliament from having its say in this matter. That is why today, as I release this report for which I was in charge, I want to send a strong signal and alert the public opinion about this unacceptable situation. I will not take part in this masquerade.

We couldn’t have said it better ourselves. ACTA may have been signed by public officials, but it’s crystal clear that they are not representing the public interest.

It is now up to the collective will of the public to decide what to do next, and for individuals to ask themselves what they want their government to look like. Do you believe in democracy? Do you believe that laws should be made to reflect our collective best interests, formulated through an open transparent process? One that allows everyone, from experts to civil society members, to analyze, question and probe an agreement that will lead to laws that will impact potentially billions of lives? If we don’t do anything now, this agreement is going to crawl itself into power. With the future at stake like this, it’s never too late to fight.

~

If you live in Europe or have EU Citizenship, follow these links to learn how you can take immediate action and stay informed on the latest updates:

La Quadrature du Net (@laquadrature): How to Act Against ACTA

European Digital Rights (@EDRi_org): Stop ACTA!

Open Rights Group (@OpenRightsGroup): ACTA: signed, not yet sealed - now it's up to us

Foundation for a Free Information Infrastructure (@FFII): ACTA Blog

For those in the U.S., you can demonstrate your opposition to the dubious decision to negotiate ACTA as a sole executive agreement to bypass proper congressional review by signing this petition on the whitehouse.gov website, demanding the Administration submit ACTA to the Senate for approval.

EFF will continue to monitor ACTA's global implementation and watch for efforts to use ACTA to broaden US enforcement powers.

• 1. United States, Australia, Canada, Japan, Morocco, New Zealand, Singapore, and South Korea
• 2. (See also here [pdf] and here).

Related Issues: InternationalAnti-Counterfeiting Trade Agreement