San Francisco - An appeals court published redacted briefing by the Electronic Frontier Foundation (EFF) today arguing that national security letters (NSLs) and their accompanying gag orders violate the free speech rights of companies who want to keep their users informed about government surveillance.

EFF represents two service providers in challenging the NSL statutes in front of the United States Court of Appeals for the Ninth Circuit. Most of the proceedings have been sealed since the case began five years ago, but some redacted documents have been released after government approval.

“Just this week we’ve seen Open Whisper Systems—the company behind the Signal messaging service—successfully fight a government gag order attached to a subpoena for customer information. Meanwhile, Yahoo is facing criticism for allowing the government wide-ranging access to its users’ communications,” said EFF Staff Attorney Andrew Crocker. “Our clients want to join this conversation, using their own experiences as a basis to talk about what kind of government surveillance is appropriate and what reform is needed—but NSL gags prevent them from doing so. We’re asking the court to strike down this unconstitutional statute so we can have the robust and inclusive debate that this issue deserves.”

The NSL statutes have been highly controversial since their use was expanded under the USA PATRIOT Act. With an NSL, the FBI—on its own, and without court approval—can issue a secret letter to a communications provider, demanding information about its customers. In this case and nearly all others, the NSL is issued in conjunction with a gag order, preventing the companies from notifying users of the demand or discussing the letter at all. Congress changed some parts of the statute in 2015, but retained the basic elements of the gags. In fact, EFF’s clients still cannot identify themselves publicly or share their experiences as part of the debate over government surveillance of technology services.

“Our clients want to be able to issue accurate transparency reports and talk to their customers about how they try to defend users from overreaching government investigations,” Crocker said. “But instead, the FBI instituted indefinite gag orders to shield its demands for information. This is an unconstitutional restriction of our clients’ First Amendment rights.”

For the full redacted brief:
https://www.eff.org/document/16-16067-opening-brief-redacted

For more on national security letters:
https://www.eff.org/issues/national-security-letters

Washington, D.C.—The Electronic Frontier Foundation (EFF) asked a court Thursday for an order that would prevent the government from prosecuting its client, security researcher Matthew Green, for publishing a book about making computer systems more secure.  

Green is writing a book about methods of security research to recognize vulnerabilities in computer systems. This important work helps keep everyone safer by finding weaknesses in computer code running devices critical to our lives—electronic devices, cars, medical record systems, credit card processing, and ATM transactions. Green’s aim is to publish research that can be used to build more secure software.

But publishing the book, tentatively entitled Practical Cryptographic Engineering, could land Green in jail under an onerous and unconstitutional provision of copyright law. To identify security vulnerabilities in a device he has purchased, Green must work directly with copyrighted computer code, bypassing control measures meant to prevent the code from being accessed. Even though this kind of research is traditionally a “fair use” permitted by copyright law, Digital Millennium Copyright Act  (DMCA) Section 1201 threatens criminal and civil penalties— including jail time—for performing it or publishing information about the methods of security research. The exemptions Congress included in the 1998 DMCA to protect security researchers from prosecution are vague, limited, and provide inadequate assurance against the serious legal ramifications of Section 1201 lawsuits—something the government itself has acknowledged.

“Under Section 1201, computer researchers can face serious penalties just for selling a book that would help people build better, more secure computer systems,” said EFF Legal Director Corynne McSherry. “As we explained when we filed a legal challenge to the law in July, such penalties violate the First Amendment and threaten ordinary people for publishing research or even talking about circumventing computer code that’s embedded in nearly everything we own. With the lawsuit underway, we’re asking the court to bar the government from prosecuting Dr. Green so he can publish a book that’s clearly in the public interest.”

“If we want our communications and devices to be secure, we need to protect independent security researchers like Dr. Green,” said EFF Staff Attorney Kit Walsh. “Researchers should be encouraged to educate the public and the next generation of computer scientists. Instead, they are threatened by an unconstitutional law that has come unmoored from its original purpose of addressing copyright infringement. We’re going to court to protect everyone whose speech is squelched by this law, starting with Dr. Green and his book.”

EFF filed the Section 1201 lawsuit and Thursday's request for a court order with co-counsel Brian Willen, Stephen Gikow, and Lauren Gallo White of Wilson Sonsini Goodrich & Rosati.

For the motion for preliminary injunction:
https://www.eff.org/document/green-v-doj-motion-preliminary-injunction

For more about this case:
https://www.eff.org/cases/green-v-us-department-justice

Seattle, Washington—The Electronic Frontier Foundation (EFF) told a federal court today that the government is violating the U.S. Constitution when it fails to notify people that it has accessed or examined their private communications stored by Internet providers in the cloud. 

EFF is supporting Microsoft in its lawsuit challenging portions of the Electronic Communications Privacy Act (ECPA) that allow the Department of Justice (DOJ) to serve a warrant on the company to get access to customers’ emails and other information stored on remote servers—all without telling users their data is being searched or seized. In a brief filed in Microsoft v. Department of Justice in U.S. District Court in Seattle, EFF, joined by Access Now, New America’s Open Technology Institute, and legal scholar Jennifer Granick, said Fourth Amendment protections against unreasonable searches and seizures by the government apply to all of our information—no matter what the format or where it’s located.

“Whether the government has a warrant to rifle through our mail, safety deposit boxes, or emails stored in the cloud, it must notify people about the searches,” said EFF Senior Staff Attorney Lee Tien. “When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy. The Fourth Amendment doesn’t allow that, and it’s time for the government to step up and respect the Constitution.”

Microsoft sued DOJ earlier this year challenging ECPA provisions enacted 30 years ago, long before the emergence of ubiquitous cloud computing that now plays a vital role in the storage of private communications. The government has used the transition to cloud computing as an opening to conduct secret electronic investigations by serving search warrants on Internet service providers seeking users’ emails, the lawsuit says. The government, which wants the case thrown out, doesn’t let account holders know their data is being accessed because of the unconstitutional ECPA provision, while service providers like Microsoft are gagged from telling customers about the searches.

“When people kept personal letters in a desk drawer at home, they knew if that information was about to be searched because the police had to knock on their door and show a warrant,” said EFF Staff Attorney Sophia Cope. “The fact that today our private emails are kept on a server maintained by an Internet company doesn’t change the government’s obligations under the Fourth Amendment. The Constitution requires law enforcement to tell people they are the target of a search, which enables them to vindicate their rights and provides a free society with a crucial means of government accountability.” 

EFF thanks Seattle attorney Venkat Balasubramani of FocalLaw P.C. for his assistance as local counsel. 

For the brief:
https://www.eff.org/document/microsoft-v-justice-department-amicus-brief

About this case:
https://www.eff.org/cases/microsoft-v-department-justice

San Francisco - The Electronic Frontier Foundation (EFF) is pleased to announce the distinguished winners of the 2016 Pioneer Awards: Malkia Cyril of the Center for Media Justice, data protection activist Max Schrems, the authors of the “Keys Under Doormats” report that counters calls to break encryption, and the lawmakers behind CalECPA—a groundbreaking computer privacy law for Californians.

The award ceremony will be held the evening of September 21 at Delancey Street’s Town Hall Room in San Francisco. The keynote speaker is award-winning investigative journalist Julia Angwin, whose work on corporate invasions of privacy has uncovered the myriad ways companies collect and control personal information. Her recent articles have sought to hold algorithms accountable for the important decisions they make about our lives. Tickets are $65 for current EFF members, or $75 for non-members.  

Malkia A. Cyril is the founder and executive director of the Center for Media Justice and co-founder of the Media Action Grassroots Network, a national network of community-based organizations working to ensure racial and economic justice in a digital age. Cyril is one of few leaders of color in the movement for digital rights and freedom, and a leader in the Black Lives Matter Network—helping to bring important technical safeguards and surveillance countermeasures to people across the country who are fighting to reform systemic racism and violence in law enforcement. Cyril is also a prolific writer and public speaker on issues ranging from net neutrality to the communication rights of prisoners. Their comments have been featured in publications like Politico, Motherboard, and Essence Magazine, as well as three documentary films. Cyril is a Prime Movers fellow, a recipient of the 2012 Donald H. McGannon Award for work to advance the roles of women and people of color in the media reform movement, and won the 2015 Hugh Hefner 1st Amendment Award for framing net neutrality as a civil rights issue.

Max Schrems is a data protection activist, lawyer, and author whose lawsuits over U.S. companies’ handling of European Union citizens’ personal information have changed the face of international data privacy. Since 2011 he has worked on the enforcement of EU data protection law, arguing that untargeted wholesale spying by the U.S. government on Internet communications undermines the EU’s strict data protection standards. One lawsuit that reached the European Court of Justice led to the invalidation of the “Safe Harbor” agreement between the U.S. and the EU, forcing governments around the world to grapple with the conflict between U.S. government surveillance practices and the privacy rights of citizens around the world. Another legal challenge is a class action lawsuit with more than 25,000 members currently pending at the Austrian Supreme Court. Schrems is also the founder of “Europe v Facebook,” a group that pushes for social media privacy reform at Facebook and other companies, calling for data collection minimization, opt-in policies instead of opt-outs, and transparency in data collection.

The “Keys Under Doormats” report has been central to grounding the current encryption debates in scientific realities. Published in July of 2015, it emerged just as calls to break encryption with “backdoors” or other access points for law enforcement were becoming pervasive in Congress, but before the issue came into the global spotlight with the FBI’s efforts against Apple earlier this year. “Keys Under Doormats” both reviews the underlying technical considerations of the earlier encryption debate of the 1990s and examines the modern systems realities, creating a compelling, comprehensive, and scientifically grounded argument to protect and extend the availability of encrypted digital information and communications. The authors of the report are all security experts, building the case that weakening encryption for surveillance purposes could never allow for any truly secure digital transactions. The “Keys Under Doormats” authors are Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, and Daniel J. Weitzner. Work on the report was coordinated by the MIT Internet Policy Research Initiative.

CalECPA—the California Electronic Communications Privacy Act—is a landmark law that safeguards privacy and free speech rights. CalECPA requires that a California government entity gets a warrant to search electronic devices or compel access to any electronic information, like email, text messages, documents, metadata, and location information—whether stored on the electronic device itself or online in the “cloud.” CalECPA gave California the strongest digital privacy law in the nation and helps prevent abuses before they happen. In many states without this protection, police routinely claim the authority to search sensitive electronic information about who we are, where we go, and what we do—without a warrant. CalECPA was introduced by California State Senators Mark Leno (D-San Francisco) and Joel Anderson (R-Alpine), who both fought for years to get stronger digital privacy protections for Californians. Leno has been a champion of improved transportation, renewable energy, and equal rights for all, among many other issues. Anderson regularly works across party lines to protect consumer privacy in the digital world.

“We are honored to announce this year’s Pioneer Award winners, and to celebrate the work they have done to make communications private, safe, and secure,” said EFF Executive Director Cindy Cohn. “The Internet is an unprecedented tool for everything from activism to research to commerce, but it will only stay that way if everyone can trust their technology and the systems it relies on. With this group of pioneers, we are building a digital future we can all be proud of.”

Awarded every year since 1992, EFF’s Pioneer Awards recognize the leaders who are extending freedom and innovation on the electronic frontier. Previous honorees have included Aaron Swartz, Citizen Lab, Richard Stallman, and Anita Borg.

Sponsors of the 2016 Pioneer Awards include Adobe, Airbnb, Dropbox, Facebook, and O’Reilly Media.

To buy tickets to the Pioneer Awards:
https://www.eff.org/Pioneer2016

San Francisco—Journalists and political activists critical of Kazakhstan’s authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and malware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF).

Malware was sent to Irina Petrushova and Alexander Petrushov, publishers of the independent newspaper Respublika, which was forced by the government of Kazakhstan to stop printing after years of exposing corruption but has continued to operate online. Also targeted are family members and attorneys of Mukhtar Ablyazov, co-founder and leader of opposition party Democratic Choice of Kazakhstan, as well as other prominent dissidents.

The campaign—which EFF has called “Operation Manul,” after endangered wild cats found in the grasslands of Kazakhstan—involved sending victims spearphishing emails that tried to trick them into opening documents which would covertly install surveillance software capable of recording keystrokes, recording through the webcam, and more. Some of the software used in the campaign is commercially available to anyone and sells for as little as $40 online.

Spearphishing emails and malware sent to members of the Ablyazov family while they were in exile in Italy may have helped track the whereabouts of Mukhtar Ablyazov’s wife and young daughter.  Despite having legal European resident permits, the two were taken into custody in Italy in 2013 and forcibly deported to Kazakhastan. Many targets of the malware campaign are also involved in litigation with the government of Kazakhstan, including the publishers of Respublika noted above. EFF represented Respublika in a U.S. lawsuit during the course of which the government has attempted to censor the site and discover Respublika’s confidential sources

Kazakhstan is a former Soviet republic that heavily restricts freedom of speech and assembly, and where torture is a serious problem, according to Human Rights Watch. The republic was ranked 160 out of 180 countries tracked by Reporters Without Borders for attacks on journalistic freedom and independence.

“The use of malware to spy on and intimidate dissidents beyond their borders is an increasingly common tactic employed by oppressive governments,” said Eva Galperin, Global Policy Analyst at EFF and one of the report’s authors. “As we have seen in places like Syria and Vietnam, journalists and political opposition leaders are being attacked in both the physical and digital worlds. Regimes are turning to covertly installed malware to track, harass, and silence those who seek to expose corruption and inform the public about human rights abuses—especially targets that have moved beyond the regime's sphere of control. Based on available evidence, we believe this campaign is likely to have been carried out on behalf of the government of Kazakhstan.”

EFF researchers, along with technologists at First Look Media and Amnesty International, examined data about suspected espionage groups and found overlaps between Operation Manul and Appin Security Group, an Indian company that has been linked with several other attack campaigns.

“Appin has been linked by cybersecurity firm Norman Shark to cyber-attacks against a Norwegian telecom company, Punjabi separatists, and others," said EFF Staff Technologist Cooper Quintin. “We found that some of the technology infrastructure used in those cyber attacks overlapped with the infrastructure used in Operation Manul. “

“Our research shows that such cheap, commercially available malware can have a real impact on vulnerable populations,” said Galperin. “Much of the past research in this area has exposed campaigns carried out by governments using spy software which they have purchased. In this case, the evidence suggests that the government of Kazakhstan hired a company to carry out the attacks on their behalf.”

For the report:
https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf

Washington D.C.—The Electronic Frontier Foundation (EFF) sued the U.S. government today on behalf of technology creators and researchers to overturn onerous provisions of copyright law that violate the First Amendment.

EFF’s lawsuit, filed with co-counsel Brian Willen, Stephen Gikow, and Lauren Gallo White of Wilson Sonsini Goodrich & Rosati, challenges the anti-circumvention and anti-trafficking provisions of the 18-year-old Digital Millennium Copyright Act (DMCA). These provisions—contained in Section 1201 of the DMCA—make it unlawful for people to get around the software that restricts access to lawfully-purchased copyrighted material, such as films, songs, and the computer code that controls vehicles, devices, and appliances. This ban applies even where people want to make noninfringing fair uses of the materials they are accessing. 

Ostensibly enacted to fight music and movie piracy, Section 1201 has long served to restrict people’s ability to access, use, and even speak out about copyrighted materials—including the software that is increasingly embedded in everyday things. The law imposes a legal cloud over our rights to tinker with or repair the devices we own, to convert videos so that they can play on multiple platforms, remix a video, or conduct independent security research that would reveal dangerous security flaws in our computers, cars, and medical devices. It criminalizes the creation of tools to let people access and use those materials.

Copyright law is supposed to exist in harmony with the First Amendment. But the prospect of costly legal battles or criminal prosecution stymies creators, academics, inventors, and researchers. In the complaint filed today in U.S. District Court in Washington D.C., EFF argues that this violates their First Amendment right to freedom of expression.

“The creative process requires building on what has come before, and the First Amendment preserves our right to transform creative works to express a new message, and to research and talk about the computer code that controls so much of our world,” said EFF Staff Attorney Kit Walsh. “Section 1201 threatens ordinary people with financial ruin or even a prison sentence for exercising those freedoms, and that cannot stand.”

EFF is representing plaintiff Andrew “bunnie” Huang, a prominent computer scientist and inventor, and his company Alphamax LLC, where he is developing devices for editing digital video streams. Those products would enable people to make innovative uses of their paid video content, such as captioning a presidential debate with a running Twitter comment field or enabling remixes of high-definition video. But using or offering this technology could run afoul of Section 1201.

“Section 1201 prevents the act of creation from being spontaneous,’’ said Huang. “Nascent 1201-free ecosystems outside the U.S. are leading indicators of how far behind the next generations of Americans will be if we don’t end this DMCA censorship. I was born into a 1201-free world, and our future generations deserve that same freedom of thought and expression.”

EFF is also representing plaintiff Matthew Green, a computer security researcher at Johns Hopkins University who wants to make sure that we all can trust the devices that we count on to communicate, underpin our financial transactions, and secure our most private medical information. Despite this work being vital for all Americans' safety, Green had to seek an exemption from the Library of Congress last year for his security research.

“The government cannot broadly ban protected speech and then grant a government official excessive discretion to pick what speech will be permitted, particularly when the rulemaking process is so onerous,” said Walsh. “If future generations are going to be able to understand and control their own machines, and to participate fully in making rather than simply consuming culture, Section 1201 has to go.”

For the complaint:
https://www.eff.org/document/1201-complaint

San Francisco—The Electronic Frontier Foundation (EFF), the Tor Project, and dozens of other organizations are calling today on citizens and website operators to take action to block a new rule pushed by the U.S. Justice Department that would greatly expand the government’s ability to hack users’ computers and interfere with anonymity on the web.

EFF and over 40 partner organizations are holding a day of action for a new campaign—noglobalwarrants.org—to engage citizens about the dangers of Rule 41 and push U.S. lawmakers to oppose it. The process for updating these rules—which govern federal criminal court processes—was intended to deal exclusively with procedural issues. But this year a U.S. judicial committee approved changes in the rule that will expand judicial authority to grant warrants for government hacking.

“The government is attempting to use a process designed for procedural changes to expand its investigatory powers,” said EFF Activism Director Rainey Reitman. “Make no mistake: these changes to Rule 41 will result in a dramatic increase in government hacking. The government is trying to avoid scrutiny and sneak these new powers past the public and Congress through an obscure administrative process.”

Right now, Rule 41 only authorizes federal magistrate judges to issue warrants to conduct searches in the judicial district where the magistrate is located. The new Rule 41 would for the first time authorize magistrates to issue warrants when “technological means,” like Tor or virtual private networks (VPNs), are obscuring the location of a computer. In these circumstances, the rule changes would authorize warrants to remotely access, search, seize, or copy data on computers, wherever in the world they are located.

“Tor users worldwide could be affected by these new rules,” said Kate Krauss, Director of Public Policy and Communications for the Tor Project. “Tor is used by journalists, members of Congress, diplomats, and human rights activists who urgently need its protection to safeguard their privacy and security—but these rules will give the Justice Department new authority to snoop into their computers."

The changes to Rule 41 would also take the unprecedented step of allowing a court to issue a warrant to hack into the computers of innocent Internet users who are themselves victims of a botnet, EFF and its partners said in a letter to members of Congress today.

EFF and its partners launched noglobalwarrants.org, a campaign page outlining problems with the changes to Rule 41 and listing over 40 Internet companies, digital privacy providers, and public interest groups that support the project. The coalition is asking website owners to embed on their sites unique code that will display a banner allowing people to email members of Congress or sign a petition opposing Rule 41. The groups are also calling on citizens to speak out against Rule 41 on social media and blogs. The aim is to send a message to Congress that it should not authorize this expansion of government hacking and must reject Rule 41 changes.

For the coalition letter:
https://www.eff.org/document/rule-41-coalition-letter

For noglobalwarrants.org:
https://noglobalwarrants.org/

West Palm Beach, Florida—The Electronic Frontier Foundation (EFF) filed a lawsuit today against a well-known patent troll that tried to shake down a small business owner for tens of thousands of dollars on bogus claims of infringement on patents that were never used and were expired or invalid.

Defendant Shipping & Transit LLC has filed hundreds of lawsuits asserting frivolous patent infringement claims as part of its business model to intimidate and extort money from people, EFF alleged in a complaint filed with co-counsel Julie Turner of California-based Turner Boyd and Matthew Sarelson with Miami-based Kaplan Young & Moll Parrón. Shipping & Transit sends out letters accusing businesses of patent infringement and demanding thousands of dollars to license the patents or settle the matter. It then routinely sues those who don’t pay up to extort “nuisance value” settlements.

In a lawsuit filed in the U.S. District Court for the Southern District of Florida, EFF is representing Jason Cugle, who last year began running a small business selling accessories for electronic cigarettes. Cugle, a Maryland resident, received a letter accusing his company and website (Triple7vaping.com) of violating Shipping & Transit’s patents, which relate to ideas for monitoring and reporting the status of delivery vehicles. Cugle simply sent customer shipments through the U.S. Postal Service (USPS) and manually emailed each customer a message saying the package had been shipped and providing the USPS tracking number. Florida-based Shipping & Transit claims its patents cover a variety of methods of notifying people when a vehicle is about to reach its destination, including Cugle’s.

“The claims are absurd. Not only did three of the four patents expire two years before Mr. Cugle started his mail order business, they are not valid in the first place and he hasn’t infringed anything,” said EFF Staff Attorney Vera Ranieri. “What is worse, Shipping & Transit tried to force Mr. Cugle to sign a vaguely-worded affidavit swearing that he wasn’t using ‘monitoring systems’ and threatened him with a document that made it look like there was a lawsuit against him, though the complaint wasn’t filed in any court. These are the tactics of patent trolls who hope to intimidate and bully innocent people and businesses into paying them money to avoid the high costs of a lawsuit.”

Shipping & Transit used to be known as ArrivalStar, a notorious patent troll that sued towns and cities claiming that notifying citizens when a bus was due to arrive infringed its patents.

“Filing complaints in bad faith, asserting infringement of unenforceable patents, falsely accusing people of infringing, and abusing the court system to wrangle settlements out of people violate Maryland law,” said Ranieri. “We are asking the court to hold Shipping & Transit accountable for its improper tactics, and also rule that the patents aren’t valid and were not infringed. Shipping & Transit’s baseless patent infringement claims and shady tactics must be stopped.”

For the complaint:
https://www.eff.org/document/cugle-v-shipping-transit

San Francisco—On Tuesday and Wednesday, May 24-25, Electronic Frontier Foundation (EFF) Staff Attorney Kit Walsh and Senior Staff Attorney Mitch Stoltz will participate in public roundtable discussions about the impact of U.S. copyright law on freedoms to investigate and improve the software embedded in everyday products, devices, and appliances.

The discussions, being held at University of California Hastings College of the Law in San Francisco, are hosted by the U.S. Copyright Office, which is studying copyright issues related to the “Internet of Things” and the consequences of Section 1201 of the Digital Millennium Copyright Act (DMCA). Section 1201, while intended to prevent infringement of copyrighted media, has also blocked people from accessing software that controls everything from their mobile phones and video games to cars and insulin pumps.

Section 1201 was enacted to combat copyright infringement of digital works by making it unlawful to circumvent access controls on those works, such as the encryption on a DVD. Because of the broad definition of a copyrighted work, however, Section 1201 gives legal teeth to manufacturers who want to lock product owners out of the ability to tinker with, repair, or modify their own software-enabled devices. The restrictions have also prevented independent researchers from evaluating the software in cars and other devices for impacts on security, safety, privacy, and even the environment.

At the roundtable discussions, Walsh will speak about how overly-broad copyright restrictions on everyday products combine with one-sided end user license agreements to frustrate user freedom, research, and innovation. Stoltz will speak about Section 1201's overreaching restriction on circumventing technologies that control devices and products, and the burdensome, every-three-year procedure to get exemptions from Section 1201.

What:
U.S. Copyright Office Roundtables for Software-Enabled Computer Products and Section 1201 Studies

Who:
EFF Staff Attorney Kit Walsh
EFF Senor Staff Attorney Mitch Stoltz

When:
Tuesday, May 24, 9 am to 2:45 pm
Wednesday, May 25, 9 am to 4:15 pm

Where:
UC Hastings College of the Law
Alumni Reception Center
200 McAllister St.
San Francisco, CA 94102

Update: This hearing has been vacated. In an order issued late Tuesday, the judge asked for supplemental briefing from the parties. A new hearing date may be set once that briefing is complete.

San Francisco – On Thursday, May 19, at 10 am, the Electronic Frontier Foundation (EFF) will urge a federal judge to let the public see records about “Hemisphere,” a massive drug enforcement database containing decades of telephone metadata.

Reporters at the New York Times uncovered the Hemisphere program in 2013. Funded by the Drug Enforcement Agency (DEA) and the White House’s Office of National Drug Control Policy, Hemisphere places AT&T employees inside law enforcement agencies to facilitate quick access to call records data—including who called who, when, and how long they spoke—typically without any court oversight. The New York Times found that investigators were encouraged to keep Hemisphere “under the radar” by using “parallel subpoenas” and then “walling off” Hemisphere information from public scrutiny.

EFF filed a Freedom of Information Act (FOIA) request to learn more about the program and how it was used by law enforcement, but the government released only a small amount of heavily redacted records in response. At Thursday's hearing, EFF Senior Staff Attorney Adam Schwartz will argue that the government must stop misusing public records law to hide information about Hemisphere.

What:
Electronic Frontier Foundation v. Department of Justice

Who:
EFF Senior Staff Attorney Adam Schwartz

When:
10 am
Thursday, May 19

Where:
United States District Court
450 Golden Gate Avenue, 15th Floor, Courtroom B
San Francisco, CA

For more about Hemisphere and EFF’s FOIA lawsuit:
https://www.eff.org/cases/hemisphere

San Francisco - The “sharing” or “gig” economy is booming—you can get rides with companies like Uber, hire people to run errands with services like Taskrabbit, or find a place to stay on websites like Airbnb. These companies connect people offering services to people purchasing them, and in the process they have access to vast amounts of personal data. But how well do these companies protect your information from the government? The sixth annual “Who Has Your Back” report from the Electronic Frontier Foundation (EFF) surveyed the biggest providers in the gig economy to find out.

“These companies collect information on what you buy, where you sleep, and where you travel—whether you are offering services, or purchasing them,” said EFF Activism Director Rainey Reitman. “Often they go even further, collecting contents of communications and geolocation information from your cell phone. But are these companies respecting their users’ rights when the government comes knocking? For much of the gig economy, the answer is no.”

This year’s report analyzed ten companies, and only Uber and Lyft earned credit in all the categories we assessed, including transparency around government access requests, advocacy on the federal level for user privacy, and commitment to providing users with notice about law enforcement data requests. FlipKey, Airbnb, and Instacart also received stars in some categories, but Getaround, Postmates, Taskrabbit, Turo, and VRBO received no credit in any category.

“We see a clear trend in our report: while some sharing economy companies have prioritized standing up for user privacy in the face of government demands, many others have not,” said EFF Senior Staff Attorney Nate Cardozo. “This is a wake-up call to the gig economy companies and the people who use them. It’s time for these services to catch up with the rest of the industry and safeguard our data from government overreach—ensuring that law enforcement access to this trove of information is fair, just, and only in accordance with the rule of law.”

EFF has published its Who Has Your Back report—an annual overview of the public policies and practices of major technology and communications companies in response to law enforcement requests—for six years. While no company achieved credit in every category in the first report back in 2011, more than half of the companies got stars in four or five categories in 2015, and 23 of 24 followed industry best practices. As the first set of companies we looked at has improved so substantially, we decided it was time to turn to the sharing economy.

“Shifts in industry momentum can take time. It took several years before we saw widespread adoption of the best practices promoted in our first Who Has Your Back reports,” said EFF Deputy Executive Director Kurt Opsahl. “The users are the lifeblood of these companies, and next year’s report will provide them an opportunity to adopt best practices and stand up for the people who make their businesses work.”

For the full Who Has Your Back report:
https://www.eff.org/who-has-your-back-2016

San Francisco - A federal judge has unsealed her ruling that National Security Letter (NSL) provisions in federal law—as amended by the USA FREEDOM Act—don’t violate the Constitution. The ruling allows the FBI to continue to issue the letters with accompanying gag orders that silence anyone from disclosing they have received an NSL, often for years. The Electronic Frontier Foundation (EFF) represents two service providers in challenging the NSL statutes, who will appeal this decision to the United States Court of Appeals for the Ninth Circuit.

“Our heroic clients want to talk about the NSLs they received from the government, but they’ve been gagged—one of them since 2011,” said EFF Deputy Executive Director Kurt Opsahl. “This government silencing means the service providers cannot issue open and honest transparency reports and can’t share their experiences as part of the ongoing public debate over NSLs and their potential for abuse. Despite this setback, we will take this fight to the appeals court, again, to combat USA FREEDOM’s unconstitutional NSL provisions.”

This long-running battle started in 2011, after one of EFF’s clients challenged an NSL and the gag order it received. In 2013, U.S. District Court Judge Susan Illston issued a groundbreaking decision, ruling that the NSL power was unconstitutional. However, the government appealed, and the Ninth Circuit found that changes made by the USA FREEDOM Act passed by Congress last year required a new review by the District Court.

In the decision unsealed this week, the District Court found that the USA FREEDOM Act sufficiently addressed the facial constitutional problems with the NSL law. However, she also ruled that the FBI had failed to provide a sufficient justification for one of our client’s challenges to the NSLs. After reviewing the government’s justification, the court found no “reasonable likelihood that disclosure … would result in danger to the national security of the United States,” or other asserted dangers, and prohibited the government from enforcing that gag. However, the client still cannot identify itself because the court stayed this portion of the decision pending appeal.

“We are extremely disappointed that the superficial changes in the NSL statutes were determined to be good enough to meet the requirements of the First Amendment,” said EFF Staff Attorney Andrew Crocker. “NSL recipients still can be gagged at the FBI’s say-so, without any procedural protections, time limits or judicial oversight. This is a prior restraint on free speech, and it’s unconstitutional.”

The NSL statutes have been highly controversial since their use was expanded under the USA PATRIOT Act. With an NSL, the FBI—on its own, without any judge’s approval—can issue a secret letter to communications service providers, requiring the service to turn over subscriber and other basic non-content information about their customers. The gag orders that the FBI routinely issues along with an NSL have hampered discussion and debate about the process.

For the full unsealed order:
https://www.eff.org/document/redacted-order

For more on National Security Letters:
https://www.eff.org/issues/national-security-letters

Washington, D.C. - Content takedowns based on unfounded copyright claims are hurting online free expression, the Electronic Frontier Foundation (EFF) told the U.S. Copyright Office Friday, arguing that any reform of the Digital Millennium Copyright Act (DMCA) should focus on protecting Internet speech and creativity.

EFF’s written comments were filed as part of a series of studies on the effectiveness of the DMCA, begun by the Copyright Office this year. This round of public comments focuses on Section 512, which provides a notice-and-takedown process for addressing online copyright infringement, as well as “safe harbors” for Internet services that comply.

“One of the central questions of the study is whether the safe harbors are working as intended, and the answer is largely yes," said EFF Legal Director Corynne McSherry. “The safe harbors were supposed to give rightsholders streamlined tools to police infringement, and give service providers clear rules so they could avoid liability for the potentially infringing acts of their users. Without those safe harbors, the Internet as we know it simply wouldn’t exist, and our ability to create, innovate, and share ideas would suffer.”

As EFF also notes in its comments, however, the notice-and-takedown process is often abused. A recent report found that the notice-and-takedown system is riddled with errors, misuse, and overreach, leaving much legal and legitimate content offline. EFF’s comments describe numerous examples of bad takedowns, including many that seemed based on automated content filters employed by the major online content sharing services. In Friday’s comments, EFF outlined parameters endorsed by many public interest groups to rein in filtering technologies and protect users from unfounded blocks and takedowns.

“A significant swath of lawful speech is getting blocked from the Internet, just because it makes use of a copyrighted work,” said EFF Staff Attorney Kit Walsh. “The Internet needs fewer bad copyright claims—not more burdensome copyright laws—to protect speech.”

For EFF’s full comments to the copyright office:
https://www.eff.org/document/eff-512-study-comments

Riverside, California—The Electronic Frontier Foundation (EFF) and 46 technology industry experts, including inventors of modern cryptography, told a federal court today that forcing Apple to write and sign computer code disabling crucial iPhone security features that protect millions of users violates the company’s free speech rights.

The Federal Bureau of Investigation (FBI) should not be allowed to, in effect, stand over the shoulders of Apple programmers and force them to create and sign off on code that would decimate the iPhone’s security, EFF said. The signed code would send a clear message that it’s OK to undermine encryption that users rely on—a view the government endorses but Apple fiercely opposes. EFF made its arguments in a friend-of-the-court brief filed today in U.S. District Court for the Central District of California. The brief was signed by 46 technologists, security researchers, and cryptographers, including digital signature pioneers Martin Hellman and Ronald Rivest.

The phone at issue was used by a suspect in December’s San Bernardino mass shooting who was killed after the attack. A federal court issued a preliminary order that would require Apple to edit iOS to disable security features that protect the phone’s contents from surveillance, hackers, and thieves. The code must be digitally signed by Apple in order to run on the iPhone—a signature that guarantees the code is approved and endorsed by Apple.

“The court order is akin to the government dictating a letter endorsing backdoors and forcing Apple to sign its forgery-proof name at the bottom,’’ said EFF Civil Liberties Director David Greene.  “In our democracy, no one—not technology companies, coders, or average citizens—can be forced to write an article, carry a sign, post an update on Facebook or write and sign computer code that communicates or endorses a government idea that they don’t agree with. What the FBI asked the court to do violates free speech rights and puts the security and privacy of millions of people at risk. We are asking the court to throw out this dangerous and unconstitutional order.”

EFF has particular expertise in the First Amendment issues in this court battle, as it spearheaded cases in the early 1990s and 2000s leading courts to recognize computer code merited protection under the Constitution.  

A magistrate judge in Riverside, California, granted the FBI’s request under the All Writs Act—a statute that gives judges the ability to command an entity or person assist in the enforcement of an order, as long as it’s necessary and legal. But the order fails to meet that standard for many reasons, including that it violates Apple’s constitutionally guaranteed right against being compelled to speak for the government.

“Apple has said that it believes the best thing for the world is for all of us to have uncompromised security, not compromised security,” said EFF Executive Director Cindy Cohn. “What the FBI is demanding is that Apple publicly capitulate to the government’s views, and the fact that it would have to do so through writing and signing code makes no difference. This is far more than simply requiring Apple to turn over evidence that it has in its custody; this violates the First Amendment.”

For the full amicus brief:

https://www.eff.org/files/2016/03/03/16cm10sp_eff_apple_v_fbi_amicus_court_stamped.pdf

For more on this case:

https://www.eff.org/cases/apple-challenges-fbi-all-writs-act-order

San Francisco - The Electronic Frontier Foundation (EFF) and an international coalition of groups representing Internet users, consumers, and scholars are calling for reform of the negotiation of global trade agreements in order to protect Internet and other digital rights for communities around the world.

The “Brussels Declaration on Trade and the Internet” was signed by 20 groups and individuals concerned about secretive and closed trade negotiations, like the ones that were behind the Trans-Pacific Partnership agreement (TPP).  The TPP is now awaiting ratification from 12 countries but was under development for seven years before the completed text was released for the public to see. However, advisors for big corporations were allowed to view and comment on draft texts. As a result, TPP includes restrictive copyright enforcement regulations that will hurt free expression, innovation, and privacy on the Internet and elsewhere.

“We need an international trading system that is fair, sustainable, democratic, and accountable,” said EFF Global Policy Analyst Jeremy Malcolm. “But you can only achieve that result through public participation. The secrecy we’ve seen in the TPP and similar agreements locks out important views from the global digital rights community and other experts. That’s insight we need to make sure we are protecting rights for everyone around the world.”

The declaration makes six specific recommendations for countries participating in global trade agreements, including regular releases of draft proposals, ample opportunity for public comment and feedback, and engagement of organizations and experts representing Internet users and consumers.

“Digital policy must be shaped through open and participatory means,” said Steve Anderson from OpenMedia. “If trade agreements are going to impact Internet governance they must ensure effective participation from experts and the public.”

“Trade agreements like the Trans-Pacific Partnership are shaping complex aspects of Internet policy but Internet users have no insight into the negotiations," says Denelle Dixon-Thayer, Mozilla’s Chief Legal and Business Officer. "At Mozilla, we believe that when policy is not developed in the open, users lose as a result. We want to change that.”

The Brussels Declaration on Trade and the Internet stems from a meeting in Belgium earlier this year on catalyzing reform of trade negotiation processes. Experts from four continents took part.

For the Brussels Declaration on Trade and the Internet:
https://www.eff.org/files/2016/02/22/brussels_declaration.pdf

For more on the declaration and its importance:
https://www.eff.org/deeplinks/2016/02/global-alliance-condemns-internet-rulemaking-through-closed-trade-agreements

San Francisco - The Electronic Frontier Foundation (EFF) urged the Department of Education today to protect university students’ right to speak anonymously online, warning that curtailing anonymous speech as part of anti-harassment regulations would not only violate the Constitution but also jeopardize important on-campus activism.

“Battling gender and racial harassment and threats on college campuses is vitally important,” said EFF Legal Director Corynne McSherry. “But some are calling for blanket bans on the use of platforms that allow anonymous comments, and that’s a counterproductive strategy. Online anonymity is crucial for students who fear retaliation for their political and social commentary. It helps many people avoid being targets of harassment in the first place.”

EFF’s letter to the Department of Education comes after a number of groups pressed for new federal guidelines for fighting online harassment. EFF agrees with the majority of the recommendations, including ensuring prompt reporting and investigation of all reports of harassment, and disciplining and/or prosecuting perpetrators. However, preemptively removing access to anonymous online speech platforms violates all students’ First Amendment rights—threatening projects like the USG Girl Mafia at the University of Southern California, where students anonymously map locations of assault reports on campus. Anonymity was also essential for student activists at Guilford College in North Carolina, who used an online form to collect anonymous testimonials about racial violence from those who felt unsafe revealing their identities.

Additionally, online speech bans are problematic because any technical restriction—like blocking on-campus access through the university’s wireless network, or limiting where students can access particular mobile applications or websites—will not prevent any student from going off-campus or joining another wireless network to comment anonymously.

“The Internet has an unmatched ability to help groups of people organize and communicate and be a force for positive social change,” said EFF Frank Stanton Legal Fellow Aaron Mackey. “Taking away choices for anonymous speech will curtail these activities without meaningfully preventing illegal harassment and threats. We urge the Department of Education to find solutions that protect all students.”

For the full letter to the Department of Education:
https://www.eff.org/document/effs-letter-office-civil-rights

San Francisco - The government cannot require Americans to go through an export licensing scheme prior to posting and sharing 3-D printer design files online, because publishing technical information is a form of speech protected by the First Amendment, the Electronic Frontier Foundation (EFF) told a federal appeals court Thursday.

The case is Defense Distributed v. United States Department of State, in which the Texas company sued the State Department after officials warned that criminal sanctions could be brought for publishing a 3-D printable file for a one-shot plastic gun, as well as other design and documentation files without a license. The State Department claimed that publishing the files on the Internet could violate the International Traffic in Arms Regulations (ITAR), which controls the international export of defense-related technology. After suggesting Defense Distributed put in an administrative request to determine whether the files were, in fact, controlled, the State Department sat on the request for nearly two years—only acting after Defense Distributed sued. It then concluded that a license was required to publish most of the files at issue.

The export controls regime provides no opportunity for a would-be publisher to challenge in court the State Department’s determination that a license is required, or the denial of a license. In an amicus brief filed in the United States Court of Appeals for the Fifth Circuit, EFF said that the State Department’s licensing regime for speech about defense-related technologies—many of which have civilian applications—violates the First Amendment.

“The First Amendment requires that speech be allowed except in the narrowest circumstances. Here, the export controls regime does not provide for judicial oversight or require the government to prove the appropriate conditions for a prior restraint of speech. Rather, the law criminalizes as a general matter the online publication of unclassified designs and documentation about a wide range of technologies,” said EFF Staff Attorney Kit Walsh.  “The Supreme Court has been very clear that any speech licensing regime has to be governed by definite standards of review, judicial oversight, and prompt deadlines. This process doesn’t contain any of those safeguards to prevent capricious censorship.”

The questions at issue in this lawsuit are a direct parallel to one of EFF’s first cases, the landmark Bernstein v. U.S. Department of State. In Bernstein, the court found that the source code for the first freely available encryption software was constitutionally protected free speech and that the government’s attempt to suppress it via export control licensing violated the First Amendment.

“The government is trying to use the same tactic it used in the 1990s to block researchers from sharing computer code online,” said Walsh.  “A court first ruled more than 15 years ago that source code was speech protected by the First Amendment, in a case that held the government’s export regulations preventing its publication were unconstitutional. The Fifth Circuit should do the same for design files.”

For the full amicus brief:
https://www.eff.org/document/amicus-brief-34

San Francisco—The Electronic Frontier Foundation (EFF) will urge a federal appeals court Wednesday to reject Facebook’s claims that it’s a crime to workaround an IP address block—an interpretation of the law that could criminalize routine online behavior. EFF Legal Fellow Jamie Williams will participate in oral argument in the case, Facebook v. Power Ventures, set for 9:30 am on Dec. 9 before the United States Court of Appeals for the Ninth Circuit in San Francisco, California.

Power Ventures made a web-based tool that allowed users to log into all of their social networking accounts in one place and aggregate messages, friend lists, and other data. Facebook sued Power, claiming it violated a federal anti-hacking statute, the Computer Fraud and Abuse Act (CFAA), when it provided Facebook users a way to access their data through Power after Facebook blocked a specific IP address the company was using to connect to Facebook data. A district court sided with Facebook, finding that designing a system to work around IP address blocks could be a crime under the CFAA.

The CFAA targets unauthorized acts of breaking into computer systems to steal data and cause other harm. In Wednesday’s hearing, Williams will argue that the Ninth Circuit has already ruled that the CFAA must be interpreted narrowly to avoid transforming what was intended to be an anti-hacking statute into a law that could sweep up innocuous conduct. Criminalizing a routine process like switching IP addresses stifles innovation and harms consumers—and it’s not what Congress had in mind.

What:
Facebook v. Power Ventures and Steven Vachani

Who:
EFF Frank Stanton Legal Fellow Jamie Williams

When:
Wednesday, Dec. 9
9:30 am

Where:
Ninth Circuit Court of Appeals-James R. Browning Courthouse
Courtroom 2, 3^rd Fl, Room 330
95 7^th St.
San Francisco CA 94103

San Francisco – The Electronic Frontier Foundation (EFF) and Visualizing Impact launched Onlinecensorship.org today, a new platform to document the who, what, and why of content takedowns on social media sites. The project, made possible by a 2014 Knight News Challenge award, will address how social media sites moderate user-generated content and how free expression is affected across the globe.

Controversies over content takedowns seem to bubble up every few weeks, with users complaining about censorship of political speech, nudity, LGBT content, and many other subjects. The passionate debate about these takedowns reveals a larger issue: social media sites have an enormous impact on the public sphere, but are ultimately privately owned companies. Each corporation has their own rules and systems of governance that control users’ content, while providing little transparency about how these decisions are made.

At Onlinecensorship.org, users themselves can report on content takedowns from Facebook, Google+, Twitter, Instagram, Flickr, and YouTube. By cataloging and analyzing aggregated cases of social media censorship, Onlinecensorship.org seeks to unveil trends in content removals, provide insight into the types of content being taken down, and learn how these takedowns impact different communities of users.

“We want to know how social media companies enforce their terms of service. The data we collect will allow us to raise public awareness about the ways these companies are regulating speech,” said EFF Director for International Freedom of Expression and co-founder of Onlinecensorship.org Jillian C. York. “We hope that companies will respond to the data by improving their regulations and reporting mechanisms and processes—we need to hold Internet companies accountable for the ways in which they exercise power over people’s digital lives.”

York and Onlinecensorship.org co-founder Ramzi Jaber were inspired to action after a Facebook post in support of OneWorld’s “Freedom for Palestine” project disappeared from the band Coldplay’s page even though it had received nearly 7,000 largely supportive comments. It later became clear that Facebook took down the post after it was reported as “abusive” by several users.

“By collecting these reports, we’re not just looking for trends. We’re also looking for context, and to build an understanding of how the removal of content affects users’ lives. It’s important companies understand that, more often than not, the individuals and communities most impacted by online censorship are also the most vulnerable,” said Jaber. “Both a company’s terms of service and their enforcement mechanisms should take into account power imbalances that place already-marginalized communities at greater risk online.”

Onlinecensorship.org has other tools for social media users, including a guide to the often-complex appeals process to fight a content takedown. It will also host a collection of news reports on content moderation practices.

For Onlinecensorship.org:
https://onlinecensorship.org

Santa Clara, California—On Monday, Nov. 9, at 2 p.m., Electronic Frontier Foundation (EFF) Staff Attorney Kit Walsh will participate in a roundtable discussion about U.S. copyright laws convened by the House Judiciary Committee, which is undertaking the first comprehensive review of the nation’s copyright laws since the 1960s.

Copyright was intended to promote creativity, but the law has not developed to support the explosion of creativity enabled by new technologies. Too often, copyright is instead being abused to shut down innovation, creative expression, and even everyday activities like tinkering with your car. At the roundtable discussion being held at Santa Clara University on Monday, Walsh will speak about reforming Section 1201 of the Digital Millennium Copyright Act (DMCA), an overbroad law that locks device owners out of their software and media. Walsh will also discuss the need to reduce the exorbitant “statutory damages” available to copyright claimants—even when rightsholders suffered no harm—so that users of copyrighted works do not face a financial death sentence if they misstep in exercising their rights to remix and tinker. Finally, she will discuss how Congress can ensure that one-sided click-through agreements don’t strip users of their freedoms under copyright law or the right to resell things they’ve purchased.

Monday’s roundtable discussion is the latest in a series of hearings and talks, hosted by House Judiciary Committee Chairman Bob Goodlatte, and joined by creators, innovators, technology professionals, and users of copyrighted works. Goodlatte announced in 2013 that the committee would conduct a review of U.S. copyright laws to determine whether they are still working in the digital age to reward creativity and innovation.

What:
House Judiciary Committee Roundtable Discussion on U.S. Copyright Laws

Who:
EFF Staff Attorney Kit Walsh

When:
Monday, Nov. 9, 2015, 2 p.m.

Where:
Santa Clara University
Locatelli Center
500 El Camino Real
Santa Clara, California

San Francisco­—The Electronic Frontier Foundation (EFF) and the ACLU Foundation of Southern California (ACLU SoCal) are urging California’s highest court to rule that license plate data, collected indiscriminately on millions of drivers by police across the state, are not investigative records and should be made available to the public.

EFF and ACLU SoCal argued in a brief filed today with the California Supreme Court that citizens need access to automated license plate reader (ALPR) records to understand exactly how this intrusive technology is used.

ALPRs are high-speed cameras mounted on light poles and police cars that continuously scan the plates of every passing car. They collect not only the license plate number but also the time, date, and location of each plate scanned, along with a photograph of the vehicle and sometimes its occupants. The Los Angeles Police Department (LAPD) and the Los Angeles County Sheriff's Department (LASD) collect, on average, three million plate scans every week and have amassed a database of half a billion records.

EFF filed public records requests for a week’s worth of ALPR data from the agencies and, along with ACLU SoCal, sued after both refused to release the records.

EFF and ACLU SoCal are now asking the state supreme court to overturn a ruling in the case from a lower court that said all license plate data—collected indiscriminately and without suspicion that the vehicle or driver was involved in a crime—could be withheld from disclosure as “records of law enforcement investigations.”

“That argument is tantamount to saying all drivers in Los Angeles are under criminal investigation at all times,’’ said EFF Senior Staff Attorney Jennifer Lynch. “The ruling sets a troubling standard that would not just allow these agencies to keep ALPR data from the public but could also allow the police to keep data and footage from other surveillance technologies—from body cameras to drones to face recognition—from ever being scrutinized.”

“Drivers would be surprised to learn that they are under investigation every time they drive in public,” said Peter Bibring, director of police practices at the ACLU SoCal. “The Fourth Amendment was added to the U.S. Constitution exactly to prevent law enforcement from conducting mass, suspicionless investigations under ‘general warrants’ that target no specific person or place and never expire.” 

Contact:

Jennifer Lynch
Senior Staff Attorney
Electronic Frontier Foundation
jlynch@eff.org

Sandra Hernandez
Director of Communications
ACLU of Southern California
+1 213-977-9500 x247

San Francisco—The Electronic Frontier Foundation (EFF) is urging the California Supreme Court to rule that law enforcement agents need a warrant to search records revealing which Californians were prescribed controlled substances to treat conditions such as anxiety, pain, attention disorders, and insomnia.

In an amicus brief filed today, EFF told the state’s highest court that law enforcement agencies should be required to seek a judge’s approval to access such records. Controlled substance prescription records contain highly sensitive information about patients’ medical history and should be afforded the same degree of privacy as any other medical records.

“Patients are prescribed controlled substances to treat post-traumatic stress disorder, ADHD, and extreme pain from surgeries. They should be secure that no one but their medical professionals can access that information without a judge’s approval,” said EFF Frank Stanton Legal Fellow Jamie Williams. “Granting law enforcement unfettered access to prescription drugs records violates the Fourth Amendment and the California Constitution and puts the privacy of all Californians at risk.”

In the case Lewis v. Superior Court (Medical Board of California), a doctor sued the medical board for accessing his patients’ prescription records from the Controlled Substance Utilization Review and Evaluation System (CURES) database without a warrant or any suspicion of patient wrongdoing.

A state court in Los Angeles found that the patients’ privacy rights hadn’t been violated. An appeals court agreed, holding that patients can’t expect prescription records to be as private as medical records because they know, or should know, that California monitors the flow of controlled substances.

“The California Supreme Court should overrule the decision to downgrade patients’ expectation of privacy over controlled substance prescription records,’’ said EFF Senior Staff Attorney Lee Tien. “The court should require law enforcement to obtain a warrant supported by probable cause to access these sensitive records.”

San Francisco – Online advertising company Adzerk will offer compliance with EFF's new “Do Not Track” (DNT) standard for Web browsing starting this week, significantly strengthening the coalition of companies using the policy standard to better protect people from sites that try to secretly follow and record users’ Internet activity. Adzerk serves billions of ad impressions per month, and customers using its technology include Reddit, BitTorrent, and Stack Overflow.

The Electronic Frontier Foundation (EFF) and privacy company Disconnect launched the new DNT standard last month, joined by innovative publishing site Medium, major analytics service Mixpanel, popular ad- and tracking-blocking extension AdBlock, and private search engine DuckDuckGo.

“Adzerk is an important new member of the Do Not Track coalition, helping to protect millions of Internet users and others from stealthy online tracking and exploitation of their reading history,” said EFF Chief Computer Scientist Peter Eckersley. “We are thrilled that consensus keeps growing in the online advertising community: clear and fair practices are essential not only for privacy, but for the ongoing health of the industry.”

DNT is a preference you can set on Firefox, Chrome, or other Web browsers as well as in the iOS or FirefoxOS mobile operating systems, which signals to websites that you want to opt-out of tracking of your online activities. DNT works in tandem with software like Privacy Badger and Disconnect, which not only set the DNT flag but also block trackers and ads that do not respect it. Adzerk is the first online advertising company that is offering its customers—the websites and other online services that show ads—the ability to opt-in to using DNT, which would pass the extra tracking protection on to the sites’ users.

Tracking by advertisers and other third parties is ubiquitous on the Web today, and typically occurs without the knowledge, permission, and consent of Internet users. However, you can see the evidence of this tracking when the online ads you see on one site seem to be based on what you looked at on another site. Meanwhile, the underlying records and profiles of your online activity are distributed between a vast network of advertising exchanges, data brokers, and tracking companies.

“Many websites get much of their operating revenue from online ads, yet the groundswell of discomfort from users about how their private information is being collected and used is leading to a boom in ad-blocking technologies. We need to find a way for privacy and advertising to work together,” said Adzerk Chief Executive Officer James Avery. “The new Do Not Track gives us a way to provide publishers with ads that respect users' privacy and online choices, and which as a result will be visible in more users' browsers”

For more on Do Not Track:
https://www.eff.org/dnt-policy

For more from Adzerk:
http://www.adzerk.com/blog/2015/09/adzerk-joins-electronic-frontier-foundation-do-not-track-coalition-adopts-privacy-standard/

For more on the ad-blocker debate:
https://www.eff.org/deeplinks/2015/09/adblockers-and-innovative-ad-companies-are-working-together-build-more-privacy

Washington—The Electronic Frontier Foundation (EFF) is asking a federal appeals court to approve Federal Communications Commission (FCC) net neutrality rules that prevent Internet service providers from interfering with and censoring content on the Web.

U.S. telecommunication providers sued the FCC in Washington D.C. federal circuit court after the FCC published the rules, called the Open Internet Order, earlier this year. Among other things, service providers and their supporters argue that the order strips telecom companies of control over which speech they transmit.

In an amicus brief filed in the case today, EFF and the American Civil Liberties Union (ACLU) explain that the order is an appropriately-tailored measure that protects the Internet’s open and robust  "marketplace of ideas" without placing excessive or inappropriate restrictions on telecommunications providers or regulating their speech or messages.

"The openness of the Internet has transformed our civic life, our culture, and our economy, and net neutrality is essential to ensuring that ISP gatekeepers do not undermine the freedom of speech and access to knowledge we enjoy online," said EFF Staff Attorney Kit Walsh. "Internet service providers stand between subscribers and the rest of the world, giving them the power to interfere with our communications in order to further their own interests. We’re urging the court to approve rules that protect users’ rights to freely express themselves and access information online."

The FCC net neutrality order prohibits ISPs from blocking or degrading service—which they may do to thwart competition or increase profits—or charging tolls for speedier traffic to certain websites. By narrowly focusing regulation on ISPs acting as conduits for the speech of others and operating in a dysfunctional market shaped by government subsidies, the net neutrality order appropriately protects customers’ freedoms.

"In addition to supporting the order’s bright-line rules against blocking, throttling, and paid prioritization, we are also urging the court to clarify other aspects of the order so as to provide clear boundaries on the FCC’s discretion," said EFF Legal Director Corynne McSherry. "The FCC should focus on whether ISPs interfere with freedom of expression and whether they discriminate with respect to the content and sources of web traffic. That focus will help strike the right balance and limit the risk that the FCC might abuse its power to impede, rather than promote, innovation and free speech."