Internet and other organizations

It's Time to Curtail the Censorship Industry Cartel

CircleID - Fri, 2020-02-14 18:05

Last month INHOPE, a global trade association of child abuse reporting hotlines, rejected a joint call from Prostasia Foundation, the National Coalition Against Censorship, Article 19, and the Comic Book Legal Defense Fund, that its members should stop treating cartoons as if they were images of child sexual abuse. As our joint letter pointed out, INHOPE's conflation of offensive artwork with actual abuse images has resulted in the misdirection of police resources against artists and fans — predominantly LGBTQ+ people and women — rather than towards the apprehension of those who abuse real children.

INHOPE is not a child protection organization, but an industry association for organizations and agencies that provide censorship services to government and private industry. Its Articles of Association are surprisingly explicit about this: its objective is to "facilitate and promote the work of INHOPE Member Hotlines, whose work is to eradicate illegal content, primarily child sexual abuse material, on the internet" [emphasis added].

It executes this mission by collecting personal information of those who share images that are reported to it (which can include a name, email address, phone number, and IP address), and sharing this information among its member hotlines and with police. Again, it is explicit about this, acknowledging that its "core business revolves around the exchange of sensitive data." INHOPE members have actively lobbied to weaken European privacy rules so that they can maintain these data collection practices, while refusing to accept a compromise allowing continued scanning for actual child abuse images.

Such data collection is clearly justifiable when it is limited to actual sexual abuse images. But INHOPE's data collection isn't limited to this. It siphons up reports of all manner of content that its members declare to be illegal in their country, and (with one exception mentioned below) gives them another "once-over" to determine whether they are illegal worldwide, only in the reporting or hosting country, or not at all, before forwarding them to INTERPOL. Even if this assessment leads to a determination that the images are lawful, INHOPE doesn't delete them. Inexplicably, it instead classifies them as "Other Child-Related Content," retains them in a database, and sends them to law enforcement for what it describes as "documentation purposes."

Images reported by NCMEC, the American hotline, undergo even less vetting. Despite being an INHOPE member, NCMEC doesn't utilize the services of INHOPE analysts, but directly shares reported images and associated personal information with law enforcement agencies around the world. According to Swiss authorities, up to 90% of these images are later found to be lawful.

INHOPE chose to mischaracterize our call as being grounded in a misunderstanding of the fact that some countries do prohibit artistic sexual representations of minors by law. But our letter explicitly acknowledged that fact, by calling on INHOPE to establish a policy for its members that "artistic images should not be added to image hash lists that INHOPE members maintain, and should not be reported to authorities, unless required by the law where the hotline operates" [emphasis added].

There are indeed some countries in which lawmakers do ill-advisedly use the same laws to criminalize the dissemination of offensive art as they use to prohibit the image-based abuse of real children. But the risks of an international organization allowing national authorities to act as gatekeepers of the images that it treats as child abuse and reports to INTERPOL should be obvious.

For example, Canada's overbroad child pornography laws have recently drawn public attention over the much-criticised prosecution of an author and publisher for a novel that includes a brief scene of child sexual abuse in its retelling of the story of Hansel and Gretel. The Canadian Center for Child Protection, one of only two INHOPE members that proactively search for illegal material, was responsible for the arrest of a 17-year-old girl for posting artwork to her blog, when it reported her to authorities in Costa Rica where such artwork is also illegal.

In other countries where cartoon images are illegal, criminal laws are used to disproportionately target and criminalize LGBTQ+ people and women. An example given in our letter was the case of a Russian trans woman who was arrested over cartoon images and sentenced to imprisonment in a men's prison.

Russia's INHOPE member the Friendly Runet Foundation encourages people to report if they are "exasperated by the on-line materials transgressing morality," and boasts that it was "created at the direct participation and works in close partnership with the Department "K" of the Russian ministry of Interior." This terminology, and the hotline's association with the ministry that criminalized "gay propaganda," is understood by Russian citizens as an attack on LGBTQ+ people's speech. It is noted that no LGBTQ+ representatives are included on INHOPE's Advisory Board. 

INHOPE can't do anything, directly, about unjust national laws that conflate artistic images with child abuse. INHOPE and its members also can't do much to prevent conservative members of the public from reporting non-actionable content (although one member has taken steps to address this problem). That's why we are directly targeting the public with our "Don't report it, block it" information campaign, to stem such false reports at the source.

But what INHOPE can do is to decide what to do with reports that it receives about artistic content. Passing them to law enforcement authorities, using a censorship and surveillance infrastructure that was established to deal with real images of child sexual abuse, isn't its only option here. Neither is it necessary to place those who share such images in the crosshairs of police, especially in countries that have unjust laws or repressive governments.

In 2019, we held a seminar with Internet companies and experts to discuss more proportionate ways of dealing with content such as child nudity, child modeling, and artistic images, that doesn't rise to the legal level of child abuse, but which can still be triggering or offensive, or harmful when shared in the wrong context. Through a multi-stakeholder process, this resulted in the development of a set of principles for sexual content moderation and child protection that were launched at last year's Internet Governance Forum.

INHOPE already has a Code of Practice that its members are required to comply with. To be clear, some INHOPE members already do have good practices, and Britain's Internet Watch Foundation (IWF) is one of these: although cartoon images are unlawful in the United Kingdom and the IWF is mandated to accept reports about them, it doesn't include these reports in its hash lists of abuse images, nor share them with foreign police. Our joint letter invited INHOPE to take the opportunity to amend its Code of Practice to apply similar standards to its other members. Its decision not to consider this doesn't reflect well on the organization.

Internet reporting hotlines are selling a product to law enforcement authorities: a censorship service for which actual images of child abuse are only the selling point. This can be a lucrative gig; NCMEC alone received $33 million from the United States government in 2018. Therefore, as a business proposition, it makes sense for INHOPE and its members to ask few questions about the scope of the censorship services their governments call upon them to provide. Conversely, since almost no federal money is being allocated towards abuse prevention, there is little incentive for them to invest in prevention interventions that could reduce abuse in the long run.

But these perverse incentives are leading it down a dangerous path. It's time for us to call this censorship cartel to account, and to demand that it consider the human rights of the innocent people who are being hurt by its approach. The plain fact is that INHOPE doesn't represent the voices of experts who work on child sexual abuse prevention, it represents the law enforcement sector. By refusing to curtail its activities to place the censorship of artistic images outside its remit, INHOPE has lost the moral authority that provides the only justification for its sweeping and dangerous powers.

Written by Jeremy Malcolm, Executive Director, Prostasia Foundation


ICANN Publishes Annual Report for Fiscal Year 2013

ICANN Announcements - Thu, 2013-12-19 02:06
18 December 2013

The 2013 Annual Report for the Internet Corporation for Assigned Names and Numbers (ICANN) has been published online today.

The report highlights the organization's achievements and progress from 1 July 2012 to 30 June 2013, including:

  • Continued accountability and transparency efforts.
  • Opened new offices to increase ICANN's internationalization.
  • Completed evaluation of more than a thousand new gTLDs and preparations to place them in the root.
  • Finalized new Registrar Accreditation Agreement.
  • Establishment of Trademark Clearinghouse.

Further content includes:

  • Audited financial statements for fiscal year 2013.
  • Biographical details on each of the Board of Directors.
  • Messages from the CEO and Chairman.

The complete annual report is available online at: http://www.icann.org/en/about/annual-report/annual-report-2013-en.pdf [PDF, 6.69 MB]

The At-Large Community Seeks Expressions of Interest for Candidates for Post of ICANN Board Seat

ICANN Announcements - Tue, 2013-12-17 01:49
16 December 2013

A call for Expressions of Interest (EoIs) is now open through December 26, 2013. This Call for EoIs is part of the process through which the user community within ICANN will appoint one voting member of the ICANN Board. While acting in a personal capacity as a member of the ICANN Board, this member must be able to reflect the users' point of view and interests in the debate and decision making undertaken within the ICANN framework.

In seeking candidates for this post, ICANN's At-Large Community is looking for an individual with a broad international perspective and a background in Internet users' interests, consumer policy and/or civil society worldwide.

Information about the At-Large Community:

"At-Large" is the name of the community of individual Internet users involved in ICANN's policy development process. It currently consists of over 160 active At-Large organizations (called "At-Large Structures" or "ALSes"), representing the opinions of the global community of Internet users. At-Large provides a means through which individual end users of the Internet worldwide can participate in the matters on which ICANN works, such as:

  • Guidance on how to run Internationalized Domain Names (IDNs);
  • How to introduce new gTLDs (such as .eco, .green and IDN TLDs); and
  • How to implement a stable and fair transition from IPv4 to the next Internet addresses generation, IPv6.

The At-Large Board Candidate Evaluation Committee (BCEC) now calls for Expressions of Interest (EoIs).

For more information regarding the BCEC, including member details, please see the At-Large Board Candidate Evaluation Committee Web page (https://community.icann.org/display/ABMS/Board+Candidate+Evaluation+Committee+%28BCEC%29+2014).

How to apply for consideration:

To apply, please complete and submit the Expression of Interest (EoI) available at https://www.bigpulse.com/p26527/register. The form can be submitted online or printed and either:

  • Posted to At-Large Director Applications, ICANN, c/o Heidi Ullrich, 12025 Waterfront Dr. Ste 300, California 90094, USA; or
  • Faxed to +1 310 823 8649.

To be considered, EoIs must be received by 26 December 2013 at 23:59 UTC.

Please feel free to e-mail the BCEC with any questions regarding the SOI or the application process at BCEC-Request@icann.org. The BCEC will respond to all inquiries.

Additional information is available on the At-Large Board Director 2014 Selection Workspace (https://community.icann.org/display/ABMS/At-Large+Board+Member+2014+Selection)

To watch a video of Roberto Gaetano, Chair of the Board Candidate Evaluation Committee explain the Board member search, go here: http://www.icann.org/en/news/press/kits/video-alac-call-candidates-lo-16dec13-en.htm

To view Tijani Ben Jemaa, Chair of the Board Member Process Committee speak about the process, go here (in French only): http://www.icann.org/fr/news/press/kits/video-alac-call-candidates-lo-16dec13-fr.htm

New gTLD Auction Rules

ICANN Announcements - Mon, 2013-12-16 23:50
17 December 2013
Forum Announcement: Comment Period Opens on Date: 17 December 2013
Categories/Tags: New gTLD Auctions
Purpose (Brief): To gather community input regarding the detailed rules and processes for Auctions to resolve string contention sets in the New gTLD Program. The preliminary auction rules were originally published 1 Nov 2013; they have since been updated based on feedback and will be finalized based on the input of the community from this comment period.
Public Comment Box Link: http://www.icann.org/en/news/public-comment/new-gtld-auction-rules-17dec13-en.htm

High-Level Panel on Global Internet Cooperation and Governance Mechanisms Convenes in London

ICANN Announcements - Fri, 2013-12-13 23:08
13 December 2013

LONDON – The Panel on Global Internet Cooperation and Governance Mechanisms—a diverse group of global stakeholders from government, civil society, the private sector, the technical community and international organizations—held their first meeting in London to discuss global Internet cooperation and governance mechanisms. The Panel expressed strong support for a multistakeholder approach to the future of Internet governance. The conversations held at the London meeting were facilitated by a team of Internet governance experts. The discussion will be taken online in the coming days at 1Net.org.

"The world relies on the Internet for economic, social, and political progress. It is imperative to ensure emerging issues are properly addressed in a global context, without individual governments or intergovernmental organizations developing their own solutions," said Estonian President Toomas Hendrik Ilves and chair of the Panel.

"The success of the Internet is rooted in a distributed and bottom-up model, with openness and collaboration at its core," said Vint Cerf, vice-chair of the Panel. "The inaugural meeting of the Panel brought together a diverse set of perspectives on the future of the Internet, and through this diversity I'm confident we can chart a course to protect the core of the current ecosystem, while evolving its methods, accessibility, and universality to meet the opportunities and challenges of the future."

In keeping with its mission, the first meeting of the Panel addressed desirable properties for global Internet cooperation, administration and governance. The Panel will conduct two additional meetings in the coming months. The next meeting, scheduled for late February 2014 in Rancho Mirage, California, will be hosted by The Annenberg Retreat at Sunnylands. Sunnylands is partnering with the Panel in its substantive work. Following this meeting, a high-level draft report will then be released for open consultation. A final meeting will be hosted by the World Economic Forum in May 2014 in Dubai. During this meeting, the Panel will consider community feedback and discussions at forums including the Global Multistakeholder Meeting on the Future of Internet Governance in Brazil and the Freedom Online Coalition's conference in Tallinn, Estonia. A high-level report will be published at the conclusion of the May meeting, and is expected to cover the following areas:

  • A brief overview of the current Internet governance ecosystem
  • Opportunities and challenges facing the current ecosystem
  • Desirable ecosystem properties including:
    • Ecosystem legitimacy
    • Effective and inclusive multi-interest and consensus-based system
    • Ensuring global participation including from the developing world
    • Co-existence with other governance systems (national and multi-lateral) ensuring a stable system that is not prone to attack, mismanagement, and manipulation

Panel members are working in their personal capacity. Members consist of:

  • Mohamed Al Ghanim, Founder and Director General of the UAE Telecommunications Regulatory Authority; former Vice-Chair, UAE Information and Communications Technology Fund; Chairman of WCIT-12
  • Virgilio Fernandes Almeida, Member of the Brazilian Academy of Sciences; Chair of Internet Steering Committee; National Secretary for Information Technology Policies
  • Dorothy Attwood, Senior Vice President of Global Public Policy, Walt Disney Company
  • Mitchell Baker, Chair, Mozilla Foundation; Chair and former CEO, Mozilla Corporation
  • Francesco Caio, CEO of Avio; former CEO, Cable and Wireless and Vodafone Italia; Founder of Netscalibur; broadband advisor in UK and Italy; Government Commissioner for Digital Agenda
  • Vint Cerf, Vice President and Chief Internet Evangelist for Google; former Chairman, ICANN; Co-Founder of the Internet Society
  • Fadi Chehade, CEO and President of ICANN; Founder of Rosetta Net; technology executive
  • Nitin Desai, Indian economist and diplomat; former UN Undersecretary General; convener of Working Group on Internet Governance (WGIG)
  • Byron Holland, President and CEO of the Canadian Internet Registration Authority
  • Toomas Hendrik Ilves, President of Estonia; former diplomat and journalist; former Minister of Foreign Affairs; former Member of the European Parliament
  • Ivo Ivanovski, Minister of Information Society and Administration, Macedonia; Commissioner to the UN Broadband Commission for Digital Development
  • Thorbjørn Jagland, Secretary General of the Council of Europe; former Prime Minister and Foreign Minister of Norway
  • Omobola Johnson, Minister of Communication Technology of Nigeria
  • Olaf Kolkman, Director of NLnet Labs; "Evangineer" of the Open Internet; former Chair of the Internet Architecture Board
  • Frank La Rue, labor and human rights lawyer; UN Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression; Founder, Center for Legal Action for Human Rights (CALDH)
  • Robert M. McDowell, former U.S. Federal Communications Commissioner; Visiting Fellow, Hudson Institute's Center for Economics of the Internet
  • Andile Ngcaba, Chairman and Founder, Convergence Partners; Executive Chairman, Dimension Data Middle East and Africa; former South African Government Director General of Communications
  • Liu Qingfeng, CEO and President of iFLYTEK; Director of National Speech & Language Engineering Laboratory of China; Member of Interactive Technology Standards working group
  • Lynn St. Amour, President and CEO of the Internet Society; telecoms and IT executive
  • Jimmy Wales, Founder and Promoter of Wikipedia; Member of the Board of Trustees of Wikimedia Foundation
  • Won-Pyo Hong, President, Media Solution Center, Samsung Electronics

London Panel Agenda

December 13

09:00 – 11:00

Backgrounder

Expert presentations on Internet Cooperation and Governance to cover:

  • History of Internet cooperation and overview of current ecosystem
    Speaker: Vint Cerf
  • Nature and scope of global Internet governance
    Speaker: William Drake
  • Current system opportunities and challenges (this includes legitimacy and mandate challenges, challenges for global participation and inclusion)
    Speaker: David Gross & Bertrand de la Chapelle

11:00 – 11:15 Break

11:15 – 12:00 Backgrounder Q&A Session

12:00 – 13:00 Lunch

13:00 – 14:30

Developing Desirable System Properties

Panel is split into the following four proposed tracks, each moderated by an Internet Governance expert:

  • Desirable properties for ecosystem legitimacy
    Moderator: David Gross
  • Desirable properties for an effective and inclusive multi-interest & consensus-based system
    Moderator: Sally Wentworth
  • Desirable properties to ensure global participation including from developing world
    Moderator: William Drake
  • Desirable properties for co-existence with other governance systems (national and multi-lateral) ensuring a stable system that is not prone to attack, mismanagement, and manipulation.
    Moderator: Wolfgang Kleinwachter

14:30 – 14:45 Break

14:45 – 17:30

Joint Observations

Panel members, moderated by experts, coalesce around a set of overall joint observations on the desirable system properties

17:30 – 17:45 Break

17:45 – 18:30

Wrap-up

Panel members discuss next steps, timelines/dates, communication rules and modus operandi for panel

About The Annenberg Retreat at Sunnylands

The Annenberg Foundation Trust at Sunnylands, which operates The Annenberg Retreat at Sunnylands in Rancho Mirage, California, is an independent 501(c)(3) nonprofit operating entity. The Annenberg Retreat at Sunnylands hosts high-level retreats that address serious issues facing the nation and the world, including the recent official meeting between President Obama and President Xi of the People's Republic of China. In addition, Sunnylands offers programs through the Sunnylands Center & Gardens to educate the public about the history of Sunnylands, its architecture, art collections, cultural significance, and sustainable practices.

About ICANN

The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organised, non-profit corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) Top-Level Domain name system management, and root server system management functions. As a private-public partnership, ICANN is dedicated to preserving the operational stability of the Internet; to promoting competition; to achieving broad representation of global Internet communities; and to developing policy appropriate to its mission through bottom-up, consensus-based processes. For more information please visit: http://www.icann.org.

About The World Economic Forum

The World Economic Forum is an independent international organization committed to improving the state of the world by engaging leaders in partnerships to shape global, regional and industry agendas.

Incorporated as a foundation in 1971 and headquartered in Geneva, Switzerland, the World Economic Forum is impartial and not-for-profit; it is tied to no political, partisan or national interests (http://www.weforum.org).

Editor's Note: The Panel was previously referred to as the Panel on the Future of Global Internet Cooperation.

For more information on the Panel, please contact: Pearson Cummings at Pearson.Cummings@edelman.com.

ICANN 49 Registration Now Open

ICANN Announcements - Thu, 2013-12-12 18:52
12 December 2013

Registration is now open for ICANN's 49th Public Meeting to be held in Singapore from 23-27 March 2014. The meeting site will be the Raffles City Convention Centre. To register, please visit https://registration.icann.org/.

To make a hotel reservation, visit https://resweb.passkey.com/go/venue.

ICANN holds three public meetings each calendar year in different regions of the globe. Usually comprised of more than 200 different sessions, these week-long meetings are the focal point for individuals and representatives of the different ICANN stakeholder groups to introduce and discuss issues related to ICANN policy.

Participants may attend in person or remotely. Meetings are open to everyone and registration is free.

For more information, visit http://singapore49.icann.org/en/about.

Proposal for a Specification 13 to the ICANN Registry Agreement to Contractually Reflect Certain Limited Aspects of ".Brand" New gTLDs

ICANN Announcements - Sat, 2013-12-07 02:28
6 December 2013

ICANN is posting today for public comment a proposal requested by the Brand Registry Group to incorporate a new Specification 13 to the new gTLD Registry Agreement, which would be available to a Registry Operator that operates a TLD that ICANN determines qualifies as a ".Brand TLD".

The proposed draft of Specification 13 [PDF, 80 KB] and the concepts reflected therein have not been approved by the New gTLD Program Committee of ICANN’s Board of Directors. ICANN is seeking public comment on all aspects of the proposal.

ICANN is also posting with the proposed draft of Specification 13 a position statement [PDF, 83 KB] of the Brand Registry Group in support of the proposed draft.

ICANN Issues Advice to IT Professionals on Name Collision Identification and Mitigation

ICANN Announcements - Fri, 2013-12-06 13:14
6 December 2013

ICANN today issued comprehensive advice to IT professionals worldwide on how to proactively identify and manage private name space leakage into the public Domain Name System (DNS) and thus, eliminate the causes of name collisions as new Top Level Domains (TLDs) are added to the DNS. In a report titled Name Collision Identification and Mitigation for IT Professionals [PDF 228 KB], ICANN explains the nature and causes of name collision and proposes a range of possible solutions.

Domain name collisions are not new. However, the report addresses some concerns that a number of applied-for new TLDs may be identical to names used in private name spaces.

The report explains how DNS queries leak into the global DNS from private name spaces and how these leaks can have unintended consequences. The report shows that private networks will consistently, stably, and reliably perform name resolution when they use Fully Qualified Domain Names (FQDNs) and resolve them from the global DNS, and proposes methods to migrate to FQDNs.

"While it appears that name collisions won't affect significant numbers of corporate network operators or Internet users, ICANN considers it essential that it does everything possible to minimize potential impact and to offer clear advice on dealing with the issue," said Paul Mockapetris, Global Domains Division Security Advisor.

The report recommends that every organization that is not already using FQDNs from the public DNS should consider the following strategy:

  • Monitor name services, compile a list of private TLDs or short unqualified names you use internally, and compare the list you create against the list of new TLD strings.
  • Formulate a plan to mitigate causes of leakage.
  • Prepare users for the impending change in name usage by notifying them in advance or providing training.
  • Implement your plan to mitigate the potential collision.

The release of today's advice to IT professionals is the result of several months of diligent work by ICANN's staff, subject matter experts, the ICANN Executive Team and the Board of Directors.

"The report we've issued today offers IT professionals, whether they work in large organizations or small companies, comprehensive advice and suggested remedies that can be simple to implement," said Dave Piscitello, Vice President of Security and ICT Coordination. "While other interim or makeshift solutions may exist, migration using FQDNs has lasting value – once you've done this, you are good to go for now and future new TLD delegations."

The report, along with additional useful information and resources, can be found at:

http://www.icann.org/en/help/name-collision

ICANN and the CTU to Increase Active Engagement with Caribbean Stakeholders

ICANN Announcements - Fri, 2013-12-06 01:57
5 December 2013

Montego Bay, Jamaica - In the context of the recent Caribbean ICT Week, Fadi Chehadé, ICANN President and CEO, and Ms. Bernadette Lewis, Secretary General of the Caribbean Telecommunications Union signed a Memorandum of Understanding to increase cooperation and coordination among both organizations.

The signing took place in the presence of Government Ministers of CTU member states including the President of the CTU, Hon. Philip Paulwell, Minister of Science, Technology, Energy and Mining of Jamaica; the signing ceremony was followed by a press conference facilitating widespread communication of news of the event to the Jamaica public, and wider Caribbean through electronic media.

In her remarks at the signing Ms. Bernadette Lewis remarked that "The Internet has become entwined in the fabric of our lives therefore we must take an interest in its development and participate in the fora that chart its course. The continued and equitable growth of the internet is a collective responsibility and the Caribbean Telecommunications Union (CTU) is prepared to play its part in taking an active role in determining the future of the Internet. This MoU is the demonstration of the CTU's commitment to work in collaboration with ICANN to increasing awareness and usage of the Internet and its resources in the Caribbean."

On his part, in the spirit of collaboration, Fadi Chehadé ended his remarks by quoting the African Proverb "If you want to go fast…go alone. If you want to go far…go together."

Mr. Chehadé and Ms. Lewis committed to make this a workable framework by getting their respective teams to start implementing concrete actions in the upcoming weeks. Actions are planned to include capacity building, partnering for outreach events and fostering multistakeholder dialogue at the regional and national levels.

Joint press release – Civil rights groups call on European Parliament to vote for strong data protection rules

European Digital Rights - Thu, 2013-10-17 09:08

On Monday 21 October, the European Parliament's Committee on Civil Liberties will decide on the future of privacy and data protection in Europe. The recent revelations surrounding government surveillance involving some of the Internet's biggest companies have highlighted the urgency of an update of Europe's privacy rules.

The Regulation will have a major impact on the digital environment for citizens, businesses and public bodies. "The choice is between clear, harmonised, predictable and enforceable rules that will benefit European citizens and businesses or unclear, unpredictable rules that will benefit nobody except data monopolies and lawyers," said Joe McNamee, EDRi's Executive Director.

Act now: One minute to save your right to privacy

European Digital Rights - Wed, 2013-10-16 13:12

On 21 October, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) will vote on a proposal of huge importance to civil rights: The General Data Protection Regulation.

The purpose of this very long legislative proposal is to make sure that our rights to privacy and data protection can be effectively asserted in our everyday lives.

However, some Parliamentarians have been asking for weaker data protection. Some of the proposals might even kill our fundamental right to data protection and privacy!

You can contact your Members of the European Parliament now and tell them to assume their responsibility to stand up for our rights.

How much time do you have?

"Terms and Conditions may apply": A free screening of a must-see film on Thursday, 17 October

European Digital Rights - Tue, 2013-10-15 13:52

We're happy to announce a screening of Cullen Hoback's very timely documentary about the dangers of signing up to excessive and unpredictable license terms which undermine privacy and permit surveillance: "Terms and Conditions may apply".

The filmmaker tells a terrifying story and coherently argues that we need to reclaim control of our personal data. We wanted our policy makers to see the film before the most important vote on privacy and data protection in the European Parliament. It takes place on:

Thursday, 17 October
at 18h30
Room ASP A5E3
in the European Parliament

Hosted by MEP Josef Weidenholzer.

If you need a badge to access the European Parliament, please contact kirsten.fiedler(at)edri.org before Wednesday afternoon, 16 October at 2pm.

Download the poster (pdf).

Data protection series - issue sheets

European Digital Rights - Thu, 2013-10-10 14:52

On 21 October the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) will vote on a hugely important dossier: the General Data Protection Regulation.

This very long legislative document is intended to ensure that our rights to privacy and data protection can be effectively asserted in our everyday lives. One of the main purposes of the Regulation is to give citizens greater control over their personal information - maintaining the principles that were developed in the 1995 Data Protection Directive. Recent revelations have shown just how important this is.

Open letter by 23 European organisations in support of Snowden's nomination for the Sakharov prize

European Digital Rights - Wed, 2013-10-09 09:17

Today, 23 European non-governmental organisations released an open letter to the Conference of Presidents of the European Parliament in support of Edward Snowden's nomination for the Sakharov Prize for Freedom of Thought 2013.

Dear Presidents,

We write to you on behalf of 23 European non-governmental organisations protecting fundamental rights, including the freedom of expression and information, to lend our support to the selection of Edward Snowden for the Sakharov Prize.

Edward Snowden’s recent disclosures have triggered a necessary and long-overdue public debate in the United States and beyond about the acceptable boundaries of surveillance in a democratic state and about the legitimacy and proportionality of counter-terrorism intelligence activities. The revelations also have prompted debates in the European Union.

EFF Mourns the Loss of Steve Jobs

the Electronic Frontier Foundation - Thu, 2011-10-06 21:44

EFF joins millions around the world in mourning the passing of Steve Jobs. Steve was an extraordinary innovator who changed how we think about, develop, use, and experience new technologies, music, and ideas. While we've sometimes found ourselves frustrated with some of Apple's business strategies, we here at EFF have always had tremendous respect for Steve's creative genius and commitment to making products that were powerful, accessible, and elegant. His imagination and vision changed the world. He will be missed.

EU Parliament Takes the First Step to Prevent Sales of Surveillance Equipment Used to Violate Human Rights

the Electronic Frontier Foundation - Thu, 2011-10-06 18:12

The European Parliament today formally recognized what has become increasingly clear: some European tech companies have been selling to repressive governments the tools used to surveil democracy activists. In response, it passed a resolution to bar overseas sales of systems that monitor phone calls and text messages, or provide targeted Internet surveillance, if they are used to violate democratic principles, human rights or freedom of speech.

According to Bloomberg, the decision came after a Bloomberg report in August that "a monitoring system sold and maintained by European companies had generated text-message transcripts used in the interrogation of a human-rights activist tortured in Bahrain." The legislation reportedly leaves enforcement to the EU’s 27 member nations.

But European companies aren't the only ones. Recently Narus, a Boeing subsidiary based in Silicon Valley, was revealed to have sold to Egypt sophisticated equipment used for surveillance. (Note: EFF watchers will recognize Narus as one of the companies whose equipment is in AT&T's “secret room” used to help the NSA conduct warrantless surveillance in the U.S. at the heart of our Jewel and Hepting cases).

And it's not just a problem in the Middle East. Cisco Systems is facing litigation in both Maryland and California based on their sales of surveillance equipment used by China to allegedly track, monitor and otherwise facilitate the arrest, detention or disappearance of human rights activists and religious minorities who have been subjected to gross human rights violations.

Despite the “head in the sand” approach of some tech companies, this concern is real and is not going away. Members of the U.S. Congress, such as Republican Representatives Chris Smith and Mary Bono and Democratic Senator Richard Durbin, are also watching closely.

It’s time for tech companies to step up and ensure that they aren’t wittingly or unwittingly assisting in the commission of gross human rights violations. While there may be many ways to accomplish this, a simple step would be for companies to voluntarily adopt a robust "know your customer" approach. First, companies selling these specialized surveillance technologies to repressive foreign governments need to take affirmative steps to know who they are selling to and what the technology will be used for, especially when they are providing ongoing service or customization of the systems. The U.S. State Department already publishes annual human rights reports about countries around the world and other objective resources are readily available, including EFF. This wouldn't be much more of a burden than what these sophisticated companies already must do to comply with laws like the Foreign Corrupt Practices Act and the U.S. export restrictions. Second, companies need to refrain from participating in transactions where there is either objective evidence or credible concerns that the technologies or services are being used, or will be used, to facilitate human rights violations.

We'll be writing more about this. But the message from the EU Parliament is clear: Tech companies need to stop participating in human rights abuses around the world by selling tools that repressive governments need to commit them. Tech companies need to stop serving as "repression's little helpers."

Safeconnect, Universities, P2P, Network Security and Risk: The Tangled World of "Policy Enforcement" on Other People's Computers

the Electronic Frontier Foundation - Thu, 2011-10-06 15:47

By Cindy Cohn and Seth Schoen

After months of work, and spurred by an initial report [1] by Professor Ted Byfield of New School University's Parsons New School for Design, we’re happy to report a security vulnerability fix in a product called Safe•Connect.

While the immediate story is good, the underlying context should raise real concerns about the dangers inherent in the ongoing obsession of Congress and the content industry with pressuring intermediaries, especially universities, to use their status as network operators to require individuals to install monitoring software like Safe•Connect on their computers in order to appease the content industry. As Stewart Baker, then the Department of Homeland Security’s policy czar warned during a similar incident involving the Sony Rootkit: "It’s very important to remember that it’s your intellectual property — it’s not your computer. And in the pursuit of protection of intellectual property, it’s important not to defeat or undermine the security measures that people need to adopt in these days."

Background

Network administrators have been interested for years in software meant to enforce rules on other people's computers connected to a network – a technology called Network Access Control (NAC). NAC software runs as an agent on behalf of the network administrator, reporting back information about how the computer is configured, examining its security policies, and, in some cases, making changes. We might describe such software as spyware that network operators ask users to install on their computers, although the Safe•Connect system does not appear to be configured to report back on the content a user stores on his or her computer. Why do network operators want this power? There are many possible reasons, but, most often, it's aimed at making sure the network users have taken security precautions and applied software updates that the network operator considers necessary. Such enforcement software sometimes requires administrative privileges on the users' computers, and in any case its use raises serious questions about computer users' autonomy and right to control and make decisions about their own computers.

In an academic environment, the use of this software on non-university-owned computers — like the personal machines owned by students, teachers and campus visitors — is sometimes controversial. Although it might be used largely in users' own interest, especially when it helps remind less-sophisticated users to apply software upgrades they might otherwise neglect, it can also introduce security and privacy threats of its own. At a minimum, schools should examine this type of software skeptically and should give sophisticated users a way to opt out of installing it. Unfortunately, one source of pressure overshadowing universities' decision-making in this area lately has been Congressional attention to copyright enforcement.

While the RIAA has abandoned its ineffective litigation campaigns, it and the MPAA have increased their efforts to lobby Congress, pressure intermediaries, and lobby Congress to pressure intermediaries to take ever more draconian steps to try to stop copyright infringement. In particular, colleges and universities have always been popular targets for both Big Content and Congress. In addition to threatening letters, ill-advised lawsuits, and propaganda campaigns, anti-P2P zealots have embraced technological “solutions” such as Audible Magic’s CopySense. EFF’s technologists believe these technologies are fundamentally flawed: they are expensive, easily circumvented, and ultimately ineffective. However, the drumbeat coming from Congress may be deterring some universities from looking critically at these technologies, instead encouraging them to adopt quick fixes.

Safe•Connect Security Vulnerability

Enter Safe•Connect, a product developed by Impulse Point, LLC. Safe•Connect is one of a breed of NAC products, designed to keep private networks—particularly college and university networks—“clean.” Impulse Point markets Safe•Connect as capable of enforcing compliance with security policies set by the school’s network administrators. In addition to keeping students’, teachers’ and campus visitors’ anti-virus software updated and their operating systems patched (security measures that users might be neglecting), the technology is marketed, and in some cases used by schools, to prevent those on campus from running certain peer-to-peer software over the school’s network resources. In other cases, the technology “warns” those on campus that are running P2P software, making sure they know that Big Brother is watching.

It was New School University’s requirement that students and faculty install Safe•Connect on their own computers that led Professor Byfield, a professor of Art, Media and Technology, to raise his initial concerns. Starting with Professor Byfield’s work, and especially curious about Impulse Point’s claimed ability to notify users about and block peer-to-peer systems, EFF and researchers at the University of Michigan started investigating. We obtained a copy of the Policy Key, the application from Safe•Connect that universities require each student, faculty or visitor to install on her personal computer before she is allowed access to the Internet over the university network. After a bit of reverse engineering, the researchers found that an older but widely-distributed version of the Policy Key would accept purported “updates” from a local server with no authentication. So a knowledgeable attacker, even on a non-university network, could pretend to be this server and substitute malicious software of their choice, disguised as Policy Key updates. That means users who ran this version of the Policy Key on their systems could be vulnerable to attacks from strangers even after leaving the universities that originally asked them to install it. This goes to show that asking people to install software just to be allowed onto a network can come with its own set of security risks, since bugs in that software constitute new ways onto users' machines. (The MacOS X Policy Key version also ran as root with improperly-set file permissions, which would let any other software on a MacOS system with the Policy Key installed gain administrative privileges and take over the system.)
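The macOS flaw noted in parentheses above comes down to files that a root process runs being changeable by other accounts. The following is an added example, not Impulse Point's or the researchers' code: a Python audit that walks from such a file up through its parent directories and reports untrusted owners or group/other-writable modes. It assumes the improper permissions were of the writable-by-others kind, which the article does not specify; the `agent/policykey` layout and all function names are constructed for the demonstration.

```python
import os
import stat
import tempfile


def audit_privileged_path(path, trusted_uids=(0,), stop_at="/"):
    """Audit a file that a root process runs, plus its parent directories.

    Returns (path, problem) tuples. A component is flagged when its owner is
    not trusted or when group/other can write to it: either condition lets
    unprivileged software swap in code that root will then execute.
    """
    findings = []
    stop = os.path.realpath(stop_at)
    current = os.path.realpath(path)
    while True:
        st = os.stat(current)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in trusted_uids:
            findings.append((current, "owner uid %d is not trusted" % st.st_uid))
        loose = mode & (stat.S_IWGRP | stat.S_IWOTH)
        # The sticky bit on a directory (e.g. /tmp) stops users from renaming
        # or deleting entries they do not own, so it is not flagged here.
        sticky_dir = stat.S_ISDIR(st.st_mode) and (mode & stat.S_ISVTX)
        if loose and not sticky_dir:
            findings.append((current, "mode %04o is group/other writable" % mode))
        parent = os.path.dirname(current)
        if current == stop or parent == current:
            return findings
        current = parent


def demo():
    """Constructed layout: <tmp>/agent/policykey stands in for a root-run agent."""
    me = (0, os.getuid())  # assumption: the current user plays the trusted owner
    results = {}
    with tempfile.TemporaryDirectory() as root:
        agent_dir = os.path.join(root, "agent")
        binary = os.path.join(agent_dir, "policykey")
        os.mkdir(agent_dir)
        with open(binary, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(agent_dir, 0o755)
        os.chmod(binary, 0o755)
        results["tight"] = audit_privileged_path(binary, me, stop_at=root)
        os.chmod(binary, 0o777)      # any account can rewrite the executable
        results["loose_file"] = audit_privileged_path(binary, me, stop_at=root)
        os.chmod(binary, 0o755)
        os.chmod(agent_dir, 0o775)   # group members can replace the file
        results["loose_dir"] = audit_privileged_path(binary, me, stop_at=root)
    return results


if __name__ == "__main__":
    for case, found in demo().items():
        print(case, found)
```

On a real system the call would use the default `trusted_uids=(0,)` and `stop_at="/"`, so every directory between the filesystem root and the privileged binary is checked.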

Concerned about the thousands of students, faculty and campus visitors who—whether in the name of network security or intellectual property protection—were required to install and run vulnerable software, EFF and the researchers contacted Impulse Point. To their credit, the Safe•Connect developers responded promptly. They pointed out that the vulnerabilities had already been fixed in newer versions for returning students and staff, and they then delivered the security patch to their university network and other customers for those with past versions of the software that were still on their university networks. Impulse Point is also committed to implementing a plan to address those (such as graduating seniors, staff who have left and campus visitors) who were not otherwise likely to get automatic updates.

Bullet Dodged, But Underlying Problems Remain

Overall, we were pleased with Impulse Point’s openness, willingness to respond and the speed with which they responded to us. It was a refreshing change from the hostility with which some technology companies respond to security vulnerabilities. We also have no reason to believe any of the identified vulnerabilities were ever exploited in the wild.

But the underlying problem remains: Big Content’s relentless crusade against P2P technology has unintended consequences. Just as the RIAA’s lawsuits embroiled a number of innocent people in expensive litigation and Congress’ DMCA takedown procedures often chill speech protected by fair use, these technological “solutions” can cause collateral damage. The pressure to require students, professors and campus visitors to install and run software on their computers as a way to “protect” the content industry is wrong, and can be dangerous. Even in the context of protecting network security, requiring everyone on campus to run programs that either run as root or can be adapted or manipulated from afar is troubling, but as a quixotic attempt to deter copyright infringement, it definitely goes too far.

[1] Professor Byfield's report can be found here; Impulse Point contends that it contains inaccuracies. We provide this link for historical purposes and have not confirmed all of the assertions in the report.

Courts Call Out Copyright Trolls' Coercive Business Model, Threaten Sanctions

the Electronic Frontier Foundation - Thu, 2011-10-06 06:14

A Virginia district court is the latest to call out a copyright troll for using a business model designed to be little more than a shakedown operation to extract quick and easy settlements from hundreds of thousands of John Doe defendants. Judge Gibney says it far better than we could:

The Court currently has three similar cases before it, all brought by the same attorney. The suits are virtually identical in their terms, but filed on behalf of different film production companies. In all three, the plaintiffs sought, and the Court granted, expedited discovery allowing the plaintiffs to subpoena information from ISPs to identify the Doe defendants. According to some of the defendants, the plaintiffs then contacted the John Does, alerting them to this lawsuit and their potential liability. Some defendants have indicated that the plaintiff has contacted them directly with harassing telephone calls, demanding $2,900 in compensation to end the litigation. When any of the defendants have filed a motion to dismiss or sever themselves from the litigation, however, the plaintiffs have immediately voluntarily dismissed them as parties to prevent the defendants from bringing their motions before the Court for resolution.

This course of conduct indicates that the plaintiffs have used the offices of the Court as an inexpensive means to gain the Doe defendants' personal information and coerce payment from them. The plaintiffs seemingly have no interest in actually litigating the cases, but rather simply have used the Court and its subpoena powers to obtain sufficient information to shake down the John Does. Whenever the suggestion of a ruling on the merits of the claims appears on the horizon, the plaintiffs drop the John Doe threatening to litigate the matter in order to avoid the actual cost of litigation and an actual decision on the merits.

The plaintiffs' conduct in these cases indicates an improper purpose for the suits. In addition, the joinder of unrelated defendants does not seem to be warranted by existing law or a non-frivolous extension of existing law.

The Virginia court ordered the plaintiff to show why it should not be sanctioned for this behavior, and also ordered it to “immediately” notify the subpoena recipients (the ISPs) that the subpoenas have been quashed and all defendants but one severed from the case. Also of note, the court ordered the plaintiff to file (under seal), copies of all notices sent to all defendants. It’s unclear what, if anything, the court will do with that information, but we’re hopeful it will help notify the Doe Defendants that they’ve been severed from the suit.

The Eastern District of Virginia orders join a couple of other positive recent rulings. In Texas, repeat plaintiff’s lawyer Evan Stone was scolded by Judge McBryde for not “display[ing] the slightest degree of candor” by failing to disclose that he has:

filed at least sixteen lawsuits similar to the instant action in [another] division of this court, that each of those lawsuits was summarily dismissed, principally for improper joinder of the defendants, and that discovery of the kind, and under the conditions, sought by, and granted to, plaintiff in this action was inappropriate.

And in the Northern District of California, Magistrate Judge Grewal severed all but one of 5,041 Doe Defendants, stating that,

As the court has come to learn in yet another of the recent “mass copyright” cases, subscriber information appears to be only the first step in the much longer, much more intrusive investigation required to uncover the identity of each Doe Defendant. The reason is simple: an IP address exposed by a wireless router might be used by the subscriber paying for the address, but it might not. Roommates, housemates, neighbors, visitors, employees or others less welcome might also use the same address.

We applaud these judges for calling these cases what they really are – little more than a shakedown scheme – and for stopping plaintiffs from running roughshod over due process in order to extort settlements.
