As we've explained before, a number of Hollywood movie studios have been on the war path against Redbox, the kiosk-based DVD rental operation, because Redbox offers DVD new releases for rent at 99 cents per night. Thanks to the first sale doctrine in copyright law, Redbox's business is completely legal—the company buys legitimate DVDs to stock their kiosks. Great for consumers, and a great alternative for those who might otherwise opt for an unauthorized alternative online.

But Hollywood wasn't pleased, and took a number of steps to interfere with Redbox's business, which in turn led to lawsuits. Earlier this week, Redbox and Warner Brothers settled their litigation, with Redbox promising not to offer Warner DVDs until 28 days after the DVD goes on sale. In other words, no more Warner new releases in the Redbox kiosks. Analysts predict this will be a blueprint for similar settlements with other Hollywood studios.

The Media Wonk has published a great recap of what happened, detailing how the movie studios put pressure on distributors and retailers and ultimately succeeded in subverting the first sale doctrine:

I’m assuming the studios’ were well-advised in their campaign against Redbox, and managed to strong-arm the wholesalers and big-box retailers without actually violating antitrust laws. But it’s still worth noting, I think, the extraordinary lengths to which they were willing to go to thwart the plain language and intent of an inconvenient portion of copyright law.

The First Sale Doctrine was promulgated–first by courts and later by Congress–precisely to deny publishers control over the secondary market in copies of works. It evolved to ensure that the practical application of the copyright statute would not be inconsistent with the Constitutional purpose of copyright itself: “To promote the progress of science and useful arts.” It does that by encouraging a robust and innovative market in copies, including a robust secondary market.

Through their many Redbox machinations, the studios have found a way around the plain purpose of the First Sale Doctrine by effectively (if not quite illegally) fixing the price of DVDs in the secondary market.

Over the weekend, Google announced significant changes to its new social networking service, Buzz. Responding to criticism (including EFF's), Google moved away from the system in which Buzz automatically sets you up to follow the people you email and chat with most. Instead, Google has adopted an auto-suggest model, in which you are shown the friend list with an option to de-select people before publishing the list. While a full opt-in model would be less likely to result in inadvertent disclosures of private information, this is a significant step forward.

In addition, Google said it would show current Buzz users the setup process again, giving a second chance to review and confirm the follower list "over the next couple weeks." We recommend that all current Buzz users immediately turn off the public list, and review their friend list before making it public again. (Instructions)

Google will also stop automatically connecting Picasa Web Albums and Google Reader shared items, and allow users to hide Buzz from Gmail or disable it completely.

These problems arose because Google attempted to overcome its market disadvantage in competing with Twitter and Facebook by making a secondary use of your information. Google leveraged information gathered in a popular service (Gmail) with a new service (Buzz), and set a default to sharing your email contacts to maximize uptake of the service. In the process, the privacy of Google users was overlooked and ultimately compromised.

Though Google responded quickly to these privacy concerns, they never should have happened in the first place. While Buzz previously had a lot of these privacy options available, the user interface failed to provide users with the setting users had reasonably expected. Google should follow fair information practices and make secondary uses of information only with clear, unequivocal user consent and control.

Part of the problem may have stemmed from Google's testing process. The BBC reports that Google only tested Buzz internally with its employees, omitting "extensive trials with external testers - used for many other Google services." Google employees are sophisticated power-users who will meticulously review the available settings. However, a good user interface for privacy must work for all users, and match the default settings with the expectations of the users. Only through broad based testing can Google be sure that users are giving informed consent.

Next week Google will face a federal judge and ask for approval of the Google Books settlement. EFF has raised privacy concerns, including the possibility that Google might make secondary uses of the Books information. Buzz's disastrous product launch highlights the danger posed by this possibility, and showcases the need for firm enforceable commitments to protecting user privacy.

Reports are coming in of additional privacy issues.

The Register reports that "Google Buzz is susceptible to exploits that allow an attacker to commandeer accounts and even learn where victims are located." While a security blog now reports this was fixed, Google should conduct a thorough security review to ensure that no other problems persist.

PC World notes that Google's "vanity URL" functionality presents users with an unfortunate choice: Either expose your email address to the general public, or host your profile at a monstrously long numeric URL. Google ought to provide a third, middle-of-the-road option by allowing users to select a simple and memorable URL which is not based on their email address.

Imagine you're a music journalist who maintains a blog. You've just found a great, new, virtually-unknown artist that you want to tell the world about. How can you do so, in a way that is simple and convenient for your readers, but does not place you or your blog's host at risk of being sued?

Thanks to the increasingly aggressive copyright-enforcement tactics of the music industry, this has become a startlingly complicated question with no good answer.

In the latest signal of this conundrum, at least six music blogs were deleted last week by Blogger due to copyright complaints. It's uncertain who made the accusations that lead to the deletions, but the most likely culprit is the International Federation of the Phonographic Industry (IFPI), a copyright-enforcement organization which had previously filed copright takedown notices against some of the targeted blogs.

Although the takedowns were made in the name of stopping piracy, the deleted blogs do not appear to have been hotbeds of illegal file-sharing. Indeed, some had operated for years and acquired a serious and substantial readership. Like many music blogs and magazines, they mostly posted reviews of artists, albums and concerts.

In at least one case, IFPI's accusations of copyright infringement were almost certainly incorrect. Bill Lipold, author of the deleted I Rock Cleveland, has outlined in painstaking detail the ways in which he received explicit permission to post every file on his blog, including ones which were later accused of infringement and forcibly removed. In one case, the band's publicist wrote of the takedown, "Just so you know, this is none of our doing...apparently, DMCA operate on their own set of odd rules, as they even requested that the (band's) official blog remove the song....What a headache..."

In cases like this, attacks on music blogs seem to be the latest example of the widening disconnect between the goals of the music industry's promotional wing and its enforcement wing. Smart musicians and promoters understand that the Net is a powerful promotional tool, and know that sharing an artist's music is the best way to earn new fans. The IFPI, on the other hand, writes clearly in its takedown notices that "Our top priority is to prevent the continued availability of the IFPI Represented Companies' content on the internet." We've already seen this divergence of interests play out in recent fiascos surrounding bands like OK Go and Death Cab For Cutie. And the television industry has seen similar problems in its attacks on YouTube.

In other cases, it appears that the bloggers may have posted or linked to copyrighted material without permission. But, as targeted blogger Patrick Duffey explains, it's often next to impossible to know exactly which content is being accused of infringement:

In their DMCA take down letters they never inform you what the infringing mp3’s are, forcing the writer to take down ALL the mp3’s in the offending post whether they have the permission to post them or not... If they had just included what the offending mp3’s were they could have avoided all of these headaches and bad press and we could have kept on going like any other day.

Living Ears, another targeted blog, echoes those sentiments:

One problem with these notices is that they do not mention infringing files by name. When I post the playlist from Scene Not Heard and link to a couple of tracks, if I receive a DMCA notice, how can you tell which file is to be deleted?

Targeted bloggers need to know these details, not only so that they can remove the file if it's indeed infringing, but so that they can file a DMCA counter-notice in the event that the file is not infringing.

Ordinarily, the party issueing the takedown notice would be required by US copyright law to specify which content is being accused. But, as an international organization headquartered in London, IFPI is arguing that it doesn't even need to play by the USA's rules. "We neither admit nor accept," they write, "...that Google is entitled to be served a notice in compliance with the DMCA." Translation: IFPI is essentially threatening to sue Google under some unspecified foreign law — presumably one which lacks even the modest safe-harbor provisions available in the USA. It's no wonder Google felt the need to take drastic action to avoid liability, even at the expense of the resulting headaches and bad press.

By now, the affected blogs have mostly migrated elsewhere — in most cases to software like Wordpress, deployed on smaller and less well-known hosting services. While this will buy them some time, these smaller hosting services are just as vulnerable as Google is to attacks by the IFPI and their ilk. In fact, most smaller hosts are likely to be even less helpful to bloggers than Google has been, since they tend to lack Google's legal resources and PR imperatives.

That being said, there are steps that music bloggers can take to protect themselves. Though EFF hasn't created resources specifically for music bloggers, many of the suggestions made in our Guide To YouTube Removals and Guide To Avoiding Gripes About Your Gripe (or Parody) Site will be relevant. Note especially this list of web-hosts that have been known to show some spine when faced with legal threats over their customers' content. And, of course, all current users of Blogger should make regular use of Blogger's "export" feature to back-up their work.

If this game of whack-a-mole seems familiar, that's because it is. The same copyright-enforcement machine that was originally designed to fight music piracy, having largely failed at that goal, has now been turned on music journalists, and — in some cases — musicians themselves. It's just the latest example of how legitimate speech and innovation will continue to be endangered until either Congress or the music industry takes serious steps to fix things.

ACLU National, ACLU of Wisconsin, and EFF have filed an amicus brief in the Wisconsin Supreme Court arguing that the law of that state prohibits police from installing a GPS device on you or your car without first getting a warrant from a judge. A growing number of state high courts have decided that their citizens should be protected from suspicionless GPS tracking, recognizing that uninterrupted around-the-clock surveillance is qualitatively different from ordinary police observations of a suspect. In the Wisconsin case, People v. Sveum, we ask the court to follow the example of Washington, New York, and Massachusetts and find that GPS tracking is a search that requires a warrant. EFF participated as amicus in the New York case, People v. Weaver, and is awaiting a decision under the federal Constitution in U.S. v. Jones, a GPS tracking case pending in the Court of Appeals for the District of Columbia. As more and more states find that their residents have a reasonable expectation that they will not be digitally tracked with surreptitiously installed devices, the federal courts must take note. The Fourth Amendment protects legitimate expectations of privacy.

EFF is also actively litigating several location privacy cases involving government use of cell phone tower information to track the location of mobile handsets. These cases involve the same creepy surreptitious pervasive electronic tracking as GPS tracking, but somewhat different legal issues in part because a complex statutory scheme protects data generated by cell phones. We recently argued one such case in the Third Circuit Court of Appeals. For an in depth analysis of the legal issues in that cell tracking case, see our amicus brief.

For more information, see: State v. Jackson, 150 Wash. 2d 251, 76 P.3d 217 (2003) (installation of a GPS tracking device on defendant’s car required a warrant), People v. Weaver, 12 N.Y.3d 433, 909 N.E.2d 1195 (2009) (same), and Commonwealth v. Connolly, 454 Mass. 808, 913 N.E.2d 356 (2009) (installation and monitoring of a GPS tracking device on defendant’s minivan was a seizure).

San Francisco - What questions should consumers ask before buying a digital book or reader? Today the Electronic Frontier Foundation (EFF) published "Digital Books and Your Rights," a checklist for readers considering buying into the digital book marketplace.

Over the last few months, the universe of digital books has expanded dramatically, with products like Amazon's Kindle, Google Books, Internet Archive's Text Archive, Barnes and Noble's Nook, and Apple's upcoming iPad poised to revolutionize reading. But while this digital books revolution could make books more accessible than ever before, there are lingering questions about the future of reader privacy, consumers' rights, and potential censorship.

EFF's checklist outlines eight categories of questions readers should ask as they evaluate new digital book products and services, including:

*Does the service protect your privacy by limiting tracking of you and your reading?

*When you pay for a book, do you own the book, or do you just rent or license it?

*Is the service censorship resistant?

"As these new services roll out, we need to know if they will respect or hamper the traditional rights and expectations of readers. Physical books have many natural protections for readers, and other protections have been created over time by libraries and bookstores," said EFF Senior Staff Attorney Corynne McSherry. "These questions will help book lovers decide what they want their digital book future to look like and then vote with their feet to get to that future."

As other ebook readers and reader services develop, a federal judge is considering final approval of a settlement that would pave the way for a huge expansion of Google Books, giving Google the green light to scan and digitize millions of books and allow users to search for and read those books online. Unfortunately, Google's system monitors what books users search for, how much of the books they read, and how long they spend on various pages, and Google refuses to require a warrant before providing that information to the government. EFF Legal Director Cindy Cohn will appear before the court at a hearing in New York on February 18, representing a coalition of authors including Michael Chabon, Jonathan Lethem, and many others concerned about reader privacy.

"Our coalition is asking the court to ensure that Google's huge new digital library/bookstore maintains the strong protections for reader privacy that traditional libraries and bookstores have fought for and largely won," said Cohn.

For more information on next week's hearing, email press@eff.org.

For the full report "Digital Books and Your Rights":
https://www.eff.org/wp/digital-books-and-your-rights

For more on digital books:
http://www.eff.org/issues/digital-books

Contacts:

Corynne McSherry
Senior Staff Attorney
Electronic Frontier Foundation
corynne@eff.org

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Redwood City, Calif. - On Thursday, February 18, at 9:00 a.m., the Electronic Frontier Foundation (EFF) will urge a judge in Redwood City, California, to suppress evidence illegally gathered from an iPhone.

In People v. Taylor, police in Daly City, California, seized the suspect's phone during his arrest. Hours later, investigators searched through the data on the device -- including contacts, called phone numbers, emails, text messages, Internet search history, and photos -- without a search warrant. Police later obtained a search warrant for the phone, based in part on information gathered during the initial illegal search.

In Thursday's hearing, EFF Senior Staff Attorney Marcia Hofmann will ask the court to suppress the illegally gathered evidence and quash the warrant based on that improperly collected information.

For more information on attending the hearing, email press@eff.org.

WHAT:
People v. Taylor

WHEN:
Thursday, February 18, 2010
9:00 a.m.

WHERE:
Department 2A
San Mateo County Superior Court
400 County Center
Redwood City, CA 94063

For more on this case:
http://www.eff.org/cases/people-v-taylor

Contacts:

Marcia Hofmann
Senior Staff Attorney
Electronic Frontier Foundation
marcia@eff.org

Jennifer Stisa Granick
Civil Liberties Director
Electronic Frontier Foundation
jennifer@eff.org

Google's new social networking service, Buzz has upset a lot of people who have inadvertently posted the list of the people they email and chat with most frequently on their profile. If you took the default options and didn't opt-out or edit this list during profile creation, the list becomes part of your profile. Since who you email with frequently can often be private information (reporters and sources, doctors and patients, former significant others, etc), making this list public can create serious problems.

If you're going to use Google Buzz, we recommend that you opt-out during profile creation. If you have already created a profile, change it to private immediately. Then go through the suggested list, and edit it as appropriate before making it public again. PC World has a helpful privacy checklist to help users understand the privacy implications of Google Buzz options.

Google has attempted to address some of these issues, making it easier to block people and hide the friend list. The underlying issue is that your email and chat contacts are not necessarily people you want to advertise as friends via a public social network. Since Google's competitors make it hard to transfer list of social contacts to new services, Google attempted to jump start Buzz with lists drawn from its successful Gmail and Gchat services. While this may help Buzz grow and save users the time to type in all their contacts, it also has an inherent danger of inadvertent disclosure of private information. Google could significantly reduce this problem simply by making the list private by default, so users could opt-in after reviewing the suggested list.

Google might also consider allowing those who agreed to join Google Buzz without understanding its implications to opt-out fully. Currently, "turning off" Google Buzz merely suspends the viewing and public broadcasting of messages until you might want to re-connect your private email world and the public space again. Some Gmail users would prefer that those worlds stay strongly unconnected. They do not want a list of potential "followers" to gather, awaiting the moment that a user mistake or poor interface design inadvertently reveals private data to the world once again. Google is apparently considering separating Buzz from Gmail.

Who needs a jetpack when you have a digital freedom-fighting robotic exoskeleton? Check out EFF's 20th Anniversary commemorative t-shirt and poster designed by EFF staff designer Hugh D'Andrade! The artwork features the EFF Liberty Mecha warrior lighting the way and kicking down walls for your online rights.

Pick up the 20th anniversary poster! This is a high quality offset litho print suitable for framing. The image measures 13" X 19" on 18" X 24" heavy stock. It's just the thing to spruce up that server room.

This design also appears on our newest member t-shirt! These swanky royal blue shirts feature the EFF Liberty Mecha on the front and a steel-winged EFF logo on the back proclaiming 20 years of freedom. It's available in three different styles: women (S-XL), men (S-3XL), and youth (M-L). Get yours today!

Thanks for standing by us and for keeping EFF going!

You bought it, you own it.

That's a concept we've been fighting to defend for years against erosion at the hands of patent and copyright owners, in contexts as diverse as printer cartridges, promo CDs, and software. The answer should be simple—if you bought it, a copyright or patent owner shouldn't be able to use federal intellectual property law to dictate whether you can resell it, simply by pointing to boilerplate in a license agreement or label. That's thanks to the "first sale doctrine" (also known as "exhaustion").

Today EFF, joined by national library associations, the Consumer Federation of America, Public Knowledge, and U.S. PIRG, filed an amicus brief in Vernor v. Autodesk, the latest battle to raise the question of whether the "first sale doctrine" will continue to have vitality in a world filled with end-user license agreements that claim that you own nothing, but rather merely "license" it. The appeal pits eBay seller Timothy Vernor against software giant Autodesk. When Mr. Vernor tried to auction four authentic, packaged copies of AutoCAD software, Autodesk sent DMCA takedown notices to block his auctions and threatened to sue him for copyright infringement. Mr. Vernor, assisted by the lawyers at Public Citizen, took Autodesk to court and won.

Autodesk has appealed, arguing that so long as its license agreements recite the right magic words, it can strip purchasers of any ownership in the CD-ROMs on which software is delivered. If that's right, then not only don't you own the software you buy, but any copyright owner can simply recite the magic words and effectively outlaw libraries, used bookstores, and DVD rentals, among other things (eBay also filed an amicus brief on behalf of Mr. Vernor). That would be bad news not just for consumers looking to save a few dollars, but also for our ability to access older, out-of-print materials. For these materials, often libraries and second-hand sellers are the only hope for continued public access.

This appeal is one of three pending before the Ninth Circuit that touch on "you bought it, you own it" issues. Along with EFF's pending petition with the Copyright Office to permit iPhone jailbreaking (which also turns on what rights you have as a software owner), these three cases promise to have a substantial impact on the shape of the "first sale doctrine" in the digital age.

San Francisco - The Electronic Frontier Foundation (EFF), joined by a coalition of public interest, consumer, and library groups, urged a federal appeals court Thursday to preserve consumers' rights and the first sale doctrine in a battle over an Internet auction of used computer software.

Timothy Vernor is an online software reseller who tried to auction four packages of Autodesk's AutoCAD software on eBay. Autodesk threatened Mr. Vernor with a copyright lawsuit, claiming that its software is only "licensed," never sold. With the assistance of the public interest litigators at Public Citizen, Vernor filed suit in Seattle against Autodesk, asking the court to clarify his right to resell the AutoCAD software packages. He prevailed before the district court in 2009, prompting Autodesk to appeal.

"For too long, software companies have tried to strip consumers of their rights as owners of software by pretending that all software is licensed, rather than sold," said EFF Senior Staff Attorney Fred von Lohmann. "But if software companies can strip us of our rights with a license agreement, there's nothing to stop book publishers, record labels, and movie studios from using the same trick to shut down libraries, archives, used bookstores, and online auctions. For more than a century, the first sale doctrine in copyright law has stood for the principle that if you bought it, you own it, and you can resell it or give it away."

In an amicus curiae brief filed Thursday with the U.S. Court of Appeals for the 9th Circuit, EFF -- joined by the Consumer Federation of America, the American Library Association, Association of Research Libraries, Association of College and Research Libraries, U.S. Public Interest Research Group, and Public Knowledge -- argued that Autodesk cannot trump the first sale doctrine with a "license agreement" included with its software.

"What's at stake in this case is the ability of consumers actually to own the things they pay for. We can't let the fine print used by the copyright holder gain complete control over every aspect of a work's use," said Sherwin Siy, deputy legal director for Public Knowledge. "If that happens, then everything becomes a potential copyright infringement. The simple things we take for granted, like buying and selling used books or CDs, or even software, would disappear under the threat of massive fines or possible criminal charges."

For the full amicus brief:
http://www.eff.org/files/filenode/vernor_v_autodes/VernorAmicus.pdf

Contact:

Fred von Lohmann
Senior Staff Attorney
Electronic Frontier Foundation
fred@eff.org

i.author{display:none} Announcement by Brad Templeton

In early 2000, after a tumultuous period in the EFF’s history, and the staff down to just a handful, I was elected chair of the Electronic Frontier Foundation. I had been on the board for just a few years, but had been close to the organization since it was founded, including participating with it as a plaintiff in the landmark supreme court case which struck down the Communications Decency Act in 1996.

Having now served 10 years as chairman, it is time to rotate out, and I am happy to report the election of John Buckman, founder of Magnitune and Bookmooch (among other ventures) as our new chair. As a part-time resident of Europe, John will, like me, offer an international perspective to the EFF’s efforts. Pam Samuelson, a law-professor of stunning reputation and credentials, will act as vice-chair during the coming 5-year term, replacing John Perry Barlow.

I would love to claim credit for the EFF’s tremendous growth and success during my tenure, but the truth is that our active and star-studded board is a board of equals. We all take an active role in setting policy and attempting to guide the organization in its mission to protect important freedoms in the online world. While it would shock most of my previous employees, my board management has been very laissez-faire. I and the other board members try to let our great team do their stuff.

After I became chairman, one of the best things we on the board probably did was to re-recruit Shari Steele, our former legal director, to become the new executive director. Shari had been with the EFF for many years but had left to work on a new venture. We brought her back and it’s been positive ever since. We also recruited Cindy Cohn to be our legal director. Cindy had a long history of friendship with the organization, having worked tirelessly with our help on the fight to stop export controls on encryption. WIth these two appointments, I and my fellow board members started the course for an incredible decade. In spite of a chaotic global economy, during this period, our fundraising, budget and staff size have more than tripled. (That may seem minor for a dot-com but it’s great news for a non-profit.) We’ve boosted membership and membership dontations, increased funding from foundations, and created an endowment to assure the EFF’s future.

The EFF is now 20, so I’ve been privileged to chair it for half of its lifetime. In that period we’ve seen dramatic victories for free speech, privacy and freedom to program. We’ve stopped e-voting abuse and rootkits in your music CDs. We’ve protected bloggers as journalists and preserved anonymous speech online. We’ve stopped encryption software from being controlled like a munition and had so many other triumphs, big and small. We’ve also seen an expanded technical and activism program, as our technologists have led the way in unveiling things like secret dots generated by colour laser printers that track your printouts back to you and network interference with filesharing by cable ISPs.

We’ve also had our failures, but even those have spoken loudly about the quality of our team. When we took Grokster/Streamcast to the supreme court, our client lost, but the court laid down a fairly narrow standard that allows software developers building new generations of publishing products to know how to stay clear of liability. Our cases against the White House’s warrantless wiretapping program have hit major hurdles, one of which was an act of congress created specifically to nullify our attempts to have a court examine this program — granting a retroactive immunity to the phone companies that did it. Bad as that was, I figure if they have to get an act of congress to stop you, you know you’ve hit a nerve.

We’ve also hit many nerves with our great FOIA team that has uncovered all sorts of attacks on your rights, and continues to do so, and our team of activists and our new international team are working hard to promote our doctrine of free speech and freedom to develop technology around the world. With all our team does, many are shocked to find it is only around 30 people. Still, we could do much more and your donations are still what makes it all happen. I hope that if you believe in the duty to protect fundamental freedoms online, you will work towards it, or consider outsourcing that work with a donation to us.

I am not leaving the EFF — far from it. I will continue to be an active boardmember. In addition, I will begin to re-explore commercial ventures, seek new opportunities, and continue on my quest to become a leading evangelist for one of the world’s most exciting new technologies — robotic transportation. At my robocars site you can see my beginnings of a book on the subject, and why it may have the largest positive effect on the world that computer technology delivers in the medium term. Of course with my EFF hat on you will find growing sections on the freedom and privacy issues of the technology.

During my tenure, I have served with a tremendous group of fellow board members, as you can see from the biographies at the EFF board page. I will continue to work with them to protect your rights as the world becomes digital, and I hope you will all join with me in supporting the EFF with your thoughts and your dollars.

San Francisco - Today a federal appeals court rejected a government claim of "lobbyist privacy" to hide the identities of individuals who pressured Congress to grant immunity to telecommunications companies that participated in the government's warrantless electronic surveillance of millions of ordinary Americans. As the court observed, "There is a clear public interest in public knowledge of the methods through which well-connected corporate lobbyists wield their influence."

The Electronic Frontier Foundation (EFF) has been seeking records detailing the telecoms' campaign for retroactive legal immunity under the Freedom of Information Act (FOIA). Telecom immunity was enacted as part of the FISA Amendments Act of 2008.

"Today's ruling is an important one for government and corporate accountability," said EFF Staff Attorney Marcia Hofmann. "The court recognized that paid lobbyists trying to influence the government to advance their clients' interests can't hide behind privacy claims to keep their efforts secret."

This decision is the latest setback for the government in its long-running attempt to delay disclosure of the documents EFF seeks. So far, EFF has obtained thousands of pages of records through this litigation.

"AT&T, Verizon and Sprint expended millions of dollars to lobby the government and get an unconstitutional grant of retroactive immunity for their illegal spying on American citizens," said EFF Senior Staff Attorney Kurt Opsahl. "The public deserves to know how our rights were sold out by and for telecom lobbyists."

The appeals court sent part of the case back down to the district court for further consideration, including whether disclosure of the lobbyists' identities would reveal intelligence sources and methods and whether communications between the agencies and the White House can be withheld under the presidential communications privilege or other grounds.

For the full opinion:
http://www.eff.org/files/filenode/foia_C0705278/opinion2909.pdf

For more on this case:
http://www.eff.org/issues/foia/cases/C-07-05278

Contacts:

Marcia Hofmann
Staff Attorney
Electronic Frontier Foundation
marcia@eff.org

Kurt Opsahl
Senior Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Nate Cardozo
Open Government Legal Fellow
Electronic Frontier Foundation
nate@eff.org

Our cell phones aren't just for calls anymore. They hold our address books, our calendars, our emails, and our grocery lists. They may even include things like a list of questions to ask your doctor, pictures of your girlfriend, or URLs of web sites you've visited. When can police search your phone and look at all this information?

That's the question that EFF is asking a court in California to consider. In People v. Taylor, police in Daly City, California seized a suspect's iPhone during his arrest. Hours later, investigators bypassed the password and searched through the data on the device without a search warrant. After the officers realized that the information was too extensive to write down, they finally obtained a warrant to search the phone.

EFF has urged the court to suppress evidence gathered by police from the suspect's phone during the warrantless search, including contacts, called phone numbers, emails, text messages, Internet search history, and photos. EFF has also asked the judge to quash the warrant that was eventually issued in part based on the information illegally accessed on the phone.

Of course, criminal suspects will have a lot of information on their cell phones that might be of interest to police, and when investigators have enough evidence to get a warrant, they should be able to search these devices. But if the police can search anyone's cell phone at any time, then everyone's privacy is at risk.

The court will hear the motion on February 18 at 9:00 a.m. in Redwood City, California.

Google's ad during yesterday's Superbowl explained in less than a minute how the story of someone's life can be pieced together from their search queries. Using only the search terms and user's clicks of the search results, Google told the story of a user who seeks love while studying abroad in Paris, finds it, moves to Paris, marries and has a child.

The poignant story, along with Google's suite of search stories, masterfully illustrates how some of the most intimate information in our lives--from planning a trip to political activism--are routinely and vividly expressed in our interactions with Google, and highlights the need for that information to have strong protections.

The Superbowl ad was Google's first foray into national television advertising, and it's great that Google used this opportunity to illustrate the importance of search privacy to one of the world's largest audiences. Now that Google has shown how personal its records of user interaction are, it should follow through and protect that information from involuntary disclosure by anonymizing search queries. Microsoft's Bing is anonymizing this information after six months by deleting the entire Internet Protocol ("IP") address associated with your search queries. Google can and should anonymize search queries in the same way after six months or less.

UPDATE: The hearing has been moved to Friday, February 12, at 9:30am.

Philadelphia - The Electronic Frontier Foundation (EFF) will be arguing this Friday before the U.S. Court of Appeals for the 3rd Circuit in Philadelphia, urging the court to block a government attempt to seize telephone company records detailing a cell phone user's past locations without first getting a search warrant.

EFF is serving as a friend of the court or "amicus," joined by co-amici the ACLU, the ACLU of Pennsylvania, and the Center for Democracy & Technology. Professor Susan Freiwald of the University of San Francisco, who submitted a separate amicus brief to the panel, will be joining EFF Senior Staff Attorney Kevin Bankston in arguing on Thursday that federal privacy statutes in combination with the Fourth Amendment to the U.S. Constitution protect the privacy of cell phone users and require the government to show probable cause before obtaining cell phone location information.

WHAT:
Oral argument In the Matter of the Application of the United States of America for an Order Directing a Provider of Electronic Communication Service to Disclose Records to the Government

WHEN:
Friday, February 12th
9:30am

WHERE:
Albert Branson Maris Courtroom (19th floor)
U.S. Courthouse
601 Market St.
Philadelphia, PA 19106

For more information on attending Thursday's hearing, contact press@eff.org.

For the full EFF amicus brief to the Third Circuit:
http://www.eff.org/files/filenode/celltracking/Filed%20Cell%20Tracking%2...

For more on the issue of cell phone tracking:
http://www.eff.org/issues/cell-tracking

Contacts:

Kevin Bankston
Senior Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

Jennifer Stisa Granick
Civil Liberties Director
Electronic Frontier Foundation
jennifer@eff.org

Rebecca Jeschke
Media Relations Director
Electronic Frontier Foundation
press@eff.org

San Francisco - The Electronic Frontier Foundation (EFF) has won reexamination of an illegitimate patent on voice-over-Internet protocol (VoIP) that could cripple the adoption of new VoIP technologies.

A company named Acceris Communications Technologies, now C2 Communications Technologies, was awarded the bogus patent for hardware, software, and processes for implementing VoIP using analog telephones as endpoints -- covering many telephone calls made over the Internet. EFF and the law firm Fenwick & West LLP filed a reexamination request showing that both a prior patent and published reference materials described the underlying technology long before Acceris made its claim. Today the United States Patent and Trademark Office (USPTO) granted EFF's reexamination request, ruling that there were substantial new questions of patentability.

"Our American patent system is meant to encourage invention and innovation," said EFF Legal Director Cindy Cohn. "Undeserved patents instead serve to quash competition and hurt business and consumers."

"We are pleased that the USPTO agrees with the substantial new questions of patentability raised in EFF's request, and we look forward to the USPTO's ultimate decision on this patent," said Nikhil Iyengar of Fenwick &West.

The challenge to this patent is part of EFF's Patent Busting Project, which combats the chilling effects of bad patents on the public and consumer interests. So far eight patents targeted by EFF have been busted, invalidated, narrowed, or had a reexamination granted by the Patent Office.

For more on EFF's Patent Busting Project:
http://www.eff.org/patent/

Contacts:

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Nikhil Iyengar
Fenwick & West LLP
niyengar@fenwick.com

As part of our Terms of (Ab)use project, we pay close attention to the fine print of online agreements for provisions that are potentially dangerous to consumers. We've noticed a troubling change in the way event planners restrict the rights of individuals who attend their shows. Where once these limitations had to fit on the back of a ticket, increasingly event organizers have moved their fine print online, where they are able to use even more contract law to avoid the limits of trademark and copyright law and actively control what ticket holders can say or do even after the event is over.

These burdensome terms can show up in some pretty unexpected places. Last year we noted how the Burning Man Organization (BMO) used online ticket terms to require participants to assign to BMO—in advance—the copyright to any pictures they took on the playa. Tickets for the 2010 event went on sale in mid-January, and we hoped the new terms would acknowledge the concerns we had expressed. Sadly, the new terms are just as onerous as before.

The "assignment in advance" clause is not the only burdensome provision. The BMO ticket terms limit participants' rights to use their own photos online, obliging them to take down any photos to which BMO objects for any reason and forbidding them from allowing anyone else to download or copy the photos. This means participants cannot donate their works to the public domain or to license their works, even through Creative Commons—no matter what is depicted or whether a use is noncommercial.

Even the notoriously protective Olympics allow spectators to take their own pictures or videos under their Ticket License Agreement, requiring only that the images "not be used for broadcast, publication, or any other commercial purpose." It is disappointing that the BMO cannot be at least as flexible.

Burning Man also continues to strip ticket holders of their right to make perfectly legal uses of its trademarks, forbidding participants from even using the (trademarked) term "Burning Man" on any website. In other words, participants who’d like to blog about their experiences at the event can’t use the words ”Burning Man.” Thus Burning Man uses contract law to do what it cannot under either copyright or trademark law—exert extraordinary control over participants' speech.

Why would BMO—the organizer of an “an annual experiment in temporary community dedicated to radical self-expression and radical self-reliance”—undermine speech and creativity like this? BMO claims that the terms in the Burning Man ticket agreement are necessary to protect Black Rock City’s unique culture and the privacy of its participants. Furthermore, BMO points out that the limitations are rarely enforced and they only claim copyright if the photos are used in a way BMO doesn't authorize. By claiming copyright in all photographs taken at the event, BMO can use the streamlined "notice and takedown" process enshrined in the Digital Millennium Copyright Act (DMCA) to quickly remove unapproved photos from the Internet.

But using online ticket terms for fast and easy takedown and to restrict CC-licensing and dedication to the public domain is a terrible precedent to set. As we pointed out in our post about this issue last year, doctors working with the tort reform group Medical Justice used contract law in the exact same way to censor negative reviews on Yelp and similar sites.

We understand the real challenges BMO faces in trying to preserve its noncommercial, community character. And we are aware that the current BMO enforces these terms only rarely. But a benevolent censor is still a censor—and BMO may not always be so benevolent. The bigger danger, though, is that other event organizers will take a page from the BMO/Medical Justice playbook, and assignment and abrogation of rights will become standard Terms of Ab(use) in all online contracts.

Copyright and trademark law were not intended to be used this way, and the collateral damage to speech and creativity inherent in the restrictions included in the Burning Man ticket agreement is too great. If the good folks at BMO continue to use ticket restrictions like this, Burning Man may very well become a new kind of model—not of temporary community and support for individual creative expression, but of permanent restriction on that very expression.

UPDATE: Downloadable wallpaper now available.

To celebrate 20 years of fighting for your digital rights, EFF staff designer Hugh D'Andrade came up with a commemorative poster! You can download your own hi-res copy from our Flickr page (on a Creative Commons Attribution License), and limited edition prints will be given to VIP Donors at our upcoming 20th Birthday celebration on February 10th at the DNA Lounge in San Francisco. The design will also be available on t-shirts on sale at the event.

Hope to see you there!

EFF's 20th Birthday with Adam Savage and Friends

February 10, 2010
Doors open at 8 pm, VIP event at 7 pm
$30 donation (no one turned away)
DNA Lounge
375 Eleventh Street
San Francisco, CA

Secretary of State Hillary Clinton's announcement of a new U.S. policy on global Internet Freedom included a bold new statement about the responsibilities of American technology companies:

...We are urging U.S. media companies to take a proactive role in challenging foreign governments' demands for censorship and surveillance. The private sector has a shared responsibility to help safeguard free expression. And when their business dealings threaten to undermine this freedom, they need to consider what’s right, not simply what’s a quick profit.

We couldn't agree more.

While Clinton focuses on media companies — meaning Internet media companies like Google, Yahoo! and Microsoft — there are plenty of other companies deserving scrutiny. Specfically, many U.S. (and multinational) technology companies may be knowingly selling Chinese authorities the surveillance equipment used to commit or facilitate human rights abuses. We think it's high time to pay attention to them as well.

The "Corporations of Interest"

Drawing from published news articles, EFF has compiled a list of seven corporations that are reportedly selling surveillance technology to the Chinese government and related entities. We're designating them "corporations of interest".

Of course, news articles alone are not absolute evidence that these companies are indeed fostering repression in China. But it's clear that China uses technology to employ rampant censorship, invasive data collection and intimidation. Learning exactly what is going on, especially in the Chinese environment of state secrecy and propaganda, is difficult. But news reports, especially those that include admissions of some level of involvement from company officials, are a sufficient basis to begin asking further questions.

1. Cisco: Cisco's deep involvement in the building of China's Golden Shield Project has been admitted by the company. Cisco's involvement has even already been raised before Congress, including the fact that Cisco engineers gave a presentation acknowledging the repressive uses for their technology that quoted their Chinese government buyers as saying that Cisco's products could be used to "combat 'Falun Gong' evil religion and other hostiles." The UK's Guardian reports that Cisco provides over 60% of all routers, switches, and network gear to China and estimates that Cisco makes $500 million annually from China.


2. Nortel: Rolling Stone and The Guardian report that Nortel has sold hardware to aid the Golden Shield Project for surveillance and censorship purposes, including working with Tsinghua University to develop speech recognition software to monitor telephone conversations.


3. Oracle: Business Week reports that Oracle has sold software to the Chinese Ministry of Public Security for criminal and ideological investigations. Oracle admits that one-third of its business in China is with the government.


4. Motorola: Business Week also reports that Motorola sold the Chinese authorities handheld devices for street cops to tap into "sophisticated data repositories" on Chinese citizens.


5. EMC: Business Week also reports that EMC sold "sophisticated data repositories" to the Chinese public security authorities. The top EMC executive in Beijing is quoted as saying, "We can expect big revenue from public security agencies" in China.


6. Sybase: Business Week also reports that Sybase sells database programs to the Shanghai police.


7. L-1 Identity Solutions: Rolling Stone reports that this Connecticut-based biometrics company sold software to Chinese companies that aids government officials in identifying individuals for purposes of criminal investigations.

The question of which companies have assisted in Chinese surveillance is just a small piece of a very large puzzle and we're quite confident that there are more than just these seven. And obviously many countries other than China are engaged in Internet surveillance — from Iran's infamous repression of political dissent, to censorship efforts across the globe, to the USA's own domestic surveillance architecture. Corporate complicity in these efforts is equally deserving of scrutiny.

It's also worth keeping in mind that surveillance is only part of the equation. Other technologies created or sold by companies may also be misused by the Chinese authorities. For instance, Internet censorship systems curtail civil liberties almost as severely as Internet surveillance systems. Research by the OpenNet Initiative has shown that censorship systems in many repressive countries have been outsourced to U.S. corporations.

The Solution

What comes next? Again, there's simply not enough publicly available information to be absolutely certain about the extent of any one company's active involvement or complicity.

So, a good first step would be for the companies in question to clear the air and come clean with the public about their behavior. There are six steps we'd like to see them take:

1. Clarify their actual relationships with the Chinese authorities engaged in surveillance and censorship of the Chinese people.


2. Publicly disclose what sorts of products and services they are selling to the Chinese government.


3. Publicly disclose whether they have been doing "customization" or otherwise facilitating targeting of human rights activists or other vulnerable groups in China.


4. Publicly disclose whether they have learned that their products and services are being used for repression.


5. Publicly disclose how much money they make selling products and services to the Chinese government.


6. Publicly disclose the steps they can take to prevent their products and services being used to violate human rights.

EFF (and presumably the State Department) will be watching closely to see whether these and other corporations selling surveillance technologies to the Chinese authorities take these steps.

And if they don't? Then it may be time for Secretary Clinton, or her allies in Congress and the Administration, to pressure them to do so.

If there's one country that might have insight into what a post-ACTA future may look like, it's the Republic of Korea. Korea is known as having one of the most advanced networks in the world, but more recently it has also been the recipient of some of the strongest foreign pressure to ramp up its IP laws. Heesob Nam is a member (and former Chair) of IPLeft, a Korean digital rights activist group founded in 1999 to critique the increasingly maximalist IP rights agenda in that country, and research and present alternative policy proposals. He writes of the impact on Korea of ACTA and other international IP agreements.

For Korea, ACTA is the Anti-Commons Trade Agreement

In August 2008, our group, IPLeft, demanded that the Korean government disclose relevant information about its stance on the negotiation of ACTA. The disclosure was denied, as was our appeal. The reason for the denial was unconvincing: the disclosure, we were told, would result in "a harmful effect on a diplomatic relationship with foreign countries and severe damage to considerable national interests".

How does the participation in an international cooperation to combat the trade of "counterfeit and pirated goods" harmfully impact foreign relationships? Which national interests are to be damaged by open and transparent discussion? Unlike its attitude to civic society and the general public, it turned out that the Korean government already provided relevant information to, and sought opinions from, particular business groups from the earliest stages of the negotiation, at least from November 2007.

When it comes to ACTA, transparency and openness became principles that apply only to a small number of business interests. This is why the secrecy of ACTA is so bad: it mirrors a particular perspective that views the system of intellectual property as a means for maximizing commercial profit and which pays little attention to the broader social, cultural and economic implications of the IP system.

This imbalanced and biased approach is infused into the draft texts that we have seen. The draft chapters on civil enforcement, criminal enforcement, and border measures lack procedural justice and fairness. They improperly promote the interests of IP holders to the detriment of the other party in civil, criminal and administrative proceedings.

The provisions contained in the proposed Internet Chapter appear to impose undue obligations on ISPs. The extent to which ISPs are to be liable for copyright infringement by users is a matter of domestic cultural policy, not a trade issue. Careful balancing of interests and fine-tuning are necessary, including factors specific to local culture and environment which cannot be concluded in a closed room occupied by trade negotiators.

More significantly, the liability of ISPs is of great importance not merely for the protection of copyright: it is important for the protection and realization of everyone’s right to take part in cultural life as declared in legally binding international human rights instruments. One of our concerns about ACTA is the risk of undercutting the principle of the rule of law and the possible conflict with human rights, in particular with the right to a fair trial, the right to equality before courts and tribunals, the right to equality of arms, and the right to be presumed innocent. ACTA tries to introduce substantial changes in civil and criminal procedures. But the proposed changes give rise to issues of procedural justice and fairness, jeopardizing Korea’s obligations under the international human rights instruments, e.g., the International Covenant on Civil and Political Rights, and potentially weakening the democratic values recognized in our Constitution.

For instance, pursuant to the US-Japan joint proposal, any provisional measures such as a preliminary injunction may be rendered by judicial authorities without a prior hearing of the alleged infringer. Here, neither "irreparable harm to the right holder" nor "a demonstrable risk of evidence being destroyed" is explicitly required. Even the Customs office may take an ex-officio action to suspend the release of suspected copyright or trademark infringing goods. Moreover, right holders may be awarded a predetermined amount of damages without having a burden to show the amount of damage or even when the amount is greater than actual damage. An even more severe breach of principles of procedural justice is found in a so-called "camcorder provision" under which anyone who attempts to use an audiovisual recording device to make a copy of any part of an audiovisual work in a theater may be criminally punished. This out-of-proportion rule not only produces a direct conflict with the right to be presumed innocent but also undermines the principle of fair use or fair dealing.

National autonomy is vital in order to decide the proper level of local IP protection and enforcement. Korean IP law has undergone substantial revision due to the threat of trade sanctions from both the US and the EU since the early 1980s. This economic coercion has continued for about thirty years, and has led to an emergence of consistent domestic pressure for stronger IP protection.

Interestingly, the strongest advocates for these reforms in Korea are not the IP industries: they are the executive branches in government which claim competance over the administration of patent, trademark, and copyright. To them, stronger IP protection and enforcement is a chance to enhance their position. The unending economic pressure and the heavy reliance of our domestic economy upon exports have produced this environment. The problem is that these state actors are much more influential than other, emerging local businesses, because they possess institutional capacities and resources to promote a maximalist IP regulatory culture.

With this power, these government agencies have introduced new laws in Korea which may well be used to support controversial provisions currently being discussed in Guadalajara, Mexico. Examples include a filtering obligation imposed on certain online service providers, and a "graduated response" rule under which the Minister of Culture can suspend or terminate the Internet account of a repeat infringer or even shut down a website that the repeat infringer is using. Advocates claim that the shutting-down provision is incorporated in the US-Korea Free Trade Agreement (and Side Letters) (currently awaiting ratification), and may possibly be pushed by the US in modified form during the ACTA negotiations. If ACTA is concluded with an inspiration of such provisions and applied to Korea under the name of international harmony, our effort to reform the copyright system would be undermined, and opportunities for democratic policy discussion at local level would be lost.

Contrary to the beliefs of ACTA negotiators, stronger, criminal enforcement rules can create unintended consequences among the general public. In Korea, following the introduction of these new laws, reports of criminal copyright infringement skyrocketed from 14,838 to 90,979 between 2005 and 2008. Among these, juveniles victims occupied 24% in 2008, an increase from 1.9% in 2005.

This reported increase, however, does not represent a rapid rise of the unauthorized use of copyrighted material by juveniles. Rather, it shows how criminal sanctions can be misused. Under the Korean Copyright Act, any unauthorized acts of reproduction or distribution of copyrighted works can invoke a criminal liability. This wide coverage of criminal sanction paves the way to abuse or misuse of criminal enforcement. ACTA is no different in this sense. In order to be "willful copyright piracy" under ACTA, an infringing activity needs to be "on a commercial scale". But commercial scale is defined so broadly that it covers activities with "no direct or indirect motivation of financial gain". With this broad definition, the infringement on a commercial scale may include almost every unauthorized use of copyrighted work. So, for instance, those who download a single piece of music may risk criminal penalties. In other words, ACTA opens the door to the global misuse of criminal enforcement rules, beyond even what we've seen in Korea.

Here, criminal sanctions have become a sort of new business model for lawyers acting for copyright holders (mainly music and film industries). They monitor Internet users and send warning letters to suspected individuals threatening a criminal action. In exchange for not taking the criminal action, they ask for a cash settlement. Criminal enforcement procedures provide copyright holders with leverage; using the threat of criminal action as leverage for the settlement negotiation as the initiation of criminal procedure is triggered by a complaint by the right holder. Among the 90,979 complaints in 2008, 56% were settled out of court.

ACTA risks exporting Korea's criminal enforcement regime, while importing the worst of other countries' IP laws. But that's not the only reason to oppose it. A trade agreement that breaches procedural justice, fairness, transparency, and proportionality is not Anti-Counterfeiting: it's Anti-Commons.