Updating the Electronic Communications Privacy Act

In 1979, the Supreme Court created a crack in our Fourth Amendment protections. In Smith v. Maryland, the Court ruled that the Fourth Amendment didn’t protect the privacy of the numbers we dialed on our phones because we had voluntarily shared those numbers with the phone company when we dialed them. This principle — known as the Third Party Doctrine — basically suggests that when we share data with a communications service provider like a telephone company or an email provider, we know our data is being handed to someone else and so we can’t reasonably expect it to be private anymore.

Originally published on EFF Deeplinks blog.

Yesterday was a watershed moment in the fight for electronic privacy: the Senate Judiciary Committee overwhelmingly passed an amendment that mandates the government get a probable cause warrant before reading our emails. The battle isn’t over — the reform, championed by Senator Patrick Leahy (D-VT), still needs to pass the rest of the Senate and the House, and be signed by the President to become a law. But yesterday, thanks to thousands of people speaking out, we were able to begin the process of overhauling our archaic privacy laws into alignment with modern technology.

It was a big win for us, even if it was only the first step in the process of reforming privacy law to keep the government out of our inboxes. So we’re dedicating this EFFector to the battle to reform outdated privacy law: what the government can get, what the law ought to be, and what we’re doing to fix the gaping loopholes that leave users vulnerable to government snooping.

The Fourth Amendment and Electronic Privacy

The Fourth Amendment protects us from unreasonable government searches and seizures. In practical terms, this means that law enforcement has to get a warrant — demonstrating to a judge that it has probable cause to believe it will find evidence of a crime — in order to search a place or seize an item. In deciding whether the Fourth Amendment applies, courts always look to see whether people have both a subjective expectation of privacy in the place to be searched, and whether society would recognize that expectation of privacy as reasonable. The Supreme Court made this point clear in a landmark 1967 case, Katz v. United States, when it ruled that a warrantless wiretap of a public payphone violated the Fourth Amendment.

The Third Party Doctrine, or How the Supreme Court Got Us Into This Mess

In 1979, the Supreme Court created a crack in our Fourth Amendment protections. In Smith v. Maryland, the Court ruled that the Fourth Amendment didn’t protect the privacy of the numbers we dialed on our phones because we had voluntarily shared those numbers with the phone company when we dialed them. This principle — known as the Third Party Doctrine — basically suggests that when we share data with a communications service provider like a telephone company or an email provider, we know our data is being handed to someone else and so we can’t reasonably expect it to be private anymore.

The government took this small opening created by Smith v. Maryland and blew it wide open. It argued that this narrow 1979 decision about phone dialing applied to the vast amount of data we now share with online service providers — everything from email to cell phone location records to social media. This is bogus and dangerous. When we hand an email message to Gmail to deliver on our behalf, we do so with an intention that our private communications will be respected and kept in strict confidence, and that no human being or computer will review the message other than the intended recipient. But the government argues that because we handed our communications to a service provider, the Fourth Amendment doesn’t require them to
get a warrant before snooping around our inbox.

Luckily, the courts are beginning to agree with us. In a leading case where EFF participated as amicus, United States v. Warshak, the Sixth Circuit Court of Appeals agreed with us that people had a reasonable expectation of privacy in their email, even if it is stored with a service provider, and therefore the government needed a search warrant to access it. And in the recent Supreme Court case, United States v. Jones, Justice Sotomayor said that she thought the Third Party Doctrine was outdated, while she and four other Justices — including Justice Alito — raised concerns about the information gathered by our
cellphones.

The Eighties Were Good for a Lot of Things — But Not Sustainable Email Privacy Law

It’s not just the Constitution, however. Congress has made clear that certain forms of data are protected by federal statute as well. Following the Katz decision, Congress passed the Wiretap Act in 1968, supplementing the strong Fourth Amendment privacy protections in phone conversations by enacting a comprehensive set of federal statutes. These statutes were designed to ensure that law enforcement has a compelling reason before intercepting phone calls.

And as electronic communication started to become more prevalent, Congress passed the Electronic Communications Privacy Act (ECPA) in 1986 that somewhat improved the privacy rights around certain electronic communications. But as it reflects the technology of 1986, ECPA has aged poorly. It doesn’t address documents stored in the cloud, information revealing our personal associations, or the vast quantities of location data our mobile devices collect on us everyday. And, as a result of loopholes in the law, the Department of Justice, citing ECPA, has argued that it has a right to access emails without a warrant as soon as they are 180 days old, or have been opened and left on the server.

We think that 180-day limit and a distinction between opened and unopened email is arbitrary and wrong. As the Washington Post said in an editorial earlier this week, “If you left a letter on your desk for 180 days, you wouldn’t imagine that the police could then swoop in and read it without your permission, or a judge’s.”

That’s why this week’s vote was so important: it was a critical first step in updating ECPA to evolve with the modern technologies we use today, and to close archaic loopholes that give government too much access with not enough judicial oversight.

What EFF and Activists Like You Are Doing

We’re taking a two-prong approach.

First, we’re fighting for the Fourth Amendment in the courts. We practice impact litigation, taking on clients pro-bono in cases where we believe we can create positive legal precedent around digital privacy and government surveillance. We also submit amicus briefs in cases where we don’t have a direct client, such as in the Warshak and Jones cases noted above. In Warshak we argued that the government could only access emails stored on an ISP with a search warrant, notwithstanding the third party doctrine. And in Jones, we argued the government’s attachment of a GPS tracking device to a car for 28 days was a Fourth Amendment “search,” meaning a warrant was required. The Court agreed with us in both cases, and
as a result privacy protections are stronger now than in the past. And we’ve filed many more amicus briefs this past year, arguing for a search warrant requirement in cases involving cell phone location records [PDF], GPS devices, and home video surveillance.

Second, we’re creating a movement of engaged Internet users and rallying them to demand the government stay out of our email. Yesterday’s win was a result of the tens of thousands of concerned individuals who signed our petition to Congress calling for ECPA reform and who spoke out in other ways. We’re also teaming up with advocacy groups, web companies, start-ups, and venture capitalists in demanding ECPA reform through the Digital Due Process coalition. And we recently joined other advocacy groups in launching VanishingRights.com.

What aren’t we doing? Compromising. Unfortunately often the pressure in DC inside politics is to trade off one important right against another. We don’t think that’s EFF’s role. Instead, we’re advocating for what’s best for the Internet and Internet users, and while we are flexible, we aren’t willing to horse trade with your privacy and due process.

Want to read more about ECPA and our work to reform it? Check out these links:

Take action: Don’t let privacy law get stuck in 1986

Attempt to Modernize Digital Privacy Law Passes the Senate Judiciary Committee

ECPA and the Mire of DC Politics: We Shouldn’t Have to Trade Video Privacy to Get Common-Sense Protections of our Email

Don’t be a Petraeus: A Tutorial on Anonymous Email Accounts

Reform to Require Warrant for Private Online Messages Up for Vote, but Down on Privacy

When Will Our Email Betray Us? An Email Privacy Primer in Light of the Petraeus Saga

From the Nation: Access Blocked to Bradley Manning’s Hearing

Note: This article was originally published at the Nation, and I’m just keeping a copy here for historical purposes. Note that this was before Chelsea had come out as a transwoman.

Bans on recording devices and Internet access and other arbitrary rules are preventing the public from witnessing this historic trial.

The WikiLeaks saga is centered on issues of government transparency and accountability, but the public is being strategically denied access to the Manning hearing, one of the most important court cases in our lifetime.Twenty-four-year-old Private First Class Bradley Manning is facing life in prison or even the death penalty for leaking hundreds of thousands of documents about US wars and diplomacy to the whistleblower website WikiLeaks. Some of the documents in question are now posted online and have been the fodder for news articles and public discussion about world politics for well over a year. This case will show much about the United States’s tolerance for whistleblowers who show the country in an unflattering light. Are we a nation that tolerates criticism and values transparency? Or are we willing to crack down on whistleblowers of conscience? Unfortunately, the military is taking steps to block access by the media and the public to portions of the proceedings, robbing the world of details of this critically important trial.

No full transcript available

The details of Bradley Manning’s prosecution aren’t making their way into the public domain in large part because there is no full transcript being made public. During a recess from the hearing, I questioned a public affairs officer, who refused to provide his name, about when a transcript would be made available. He said that it would likely be three to four months—long after the media interest had faded.

Computers and recording devices banned

The government has banned all recording devices, audio or video, from the media center or the courtroom. This is particularly galling because the government has ample ability to record the proceedings in full and make them publicly available; in fact, the trial is being recorded and livecast to the media center, where reporters under the strict supervision of public affairs officers are taking frantic notes.

Journalists are forbidden to connect to the Internet, making the possibility of live tweeting and live blogging challenging. The government allowed a mere twenty members of the public into the hearing. Spectators were denied laptops, meaning the only way for the public to get notes on the pretrial hearing is by scribbling notes on paper.

Media access denied or rescinded

When Nathan Fuller applied for a press pass to attend the hearing and take notes from the media center, his request was granted—and then rescinded. Among other things, Fuller is an intern with the Bradley Manning Support Network, a coalition of individuals and organizations working to cover the financial costs of Manning’s defense and educate the public about the issues involved. On Monday, I asked the public affairs officer at the hearing what criteria were used to assess whether someone qualified as a journalist for the purposes of receiving a press pass, and he said he did not know. I asked how many other individuals had been denied press passes to the hearing, and he again replied that he didn’t know. I asked how many other individuals had received press passes only to have them rescinded and got the same non-response. He didn’t know if there was a phone number for someone who would have the answers to these questions. I asked my questions again on Tuesday, and the public affairs officer still knew nothing—except that he wouldn’t have an answer for my questions that day.

Overflow theater closed down even when people are barred from the courtroom

On the first day of the hearing, individuals not among the first twenty to arrive at the hearing were given access to a theater across the street. While recording devices were not allowed, this theater offered the flexibility to enter and leave at will. As a result, there was access to cars where laptops and cell phones were stored, which facilitated reporting. The theater also provided a way for those who were late to the hearing to be able to sit down and start watching the proceedings right away, instead of waiting in an empty trailer for an hour or more for the first recess. This is particularly important because there were long lines to have vehicles inspected to gain entrance to the base, and there was no published schedule for when the hearing would begin, making lateness a frequent occurrence.

After the second day, however, the overflow theater was closed down. I spoke to a military representative who said the theater was closed down because the courtroom wasn’t full. It is true that Saturday the courtroom was not at spectator capacity, but that was the day of the public rally protesting the prosecution of Bradley Manning, so it’s not surprising there were fewer people in the court. The courtroom was at capacity on Tuesday and two individuals who had driven in from Occupy DC were denied entrance because there were not enough available seats. Nonetheless, the military still refused to open the theater.

No accommodations for disabled and elderly access

If you’ve got a small bladder, poor hearing or can’t handle stairs, then forget about attending Manning’s trial. I was particularly sad to see famed Pentagon Papers whistleblower Daniel Ellsberg struggling to hear the proceedings. I spoke to the military police and urged them to open the public theater so that individuals like Ellsberg could sit closer to the sound system. I was rebuffed.

Access denied

Manning’s pretrial hearing is being held at Fort Meade in Maryland. Individuals who want to drive on base have to undergo a lengthy inspection of their vehicle, often waiting in line for a long period of time. And sometimes even waiting in line won’t get you in: Lt. Daniel Choi, a veteran and outspoken advocate for ending the military’s discriminatory policies toward LGBT servicemembers, was held at the entrance at length. The military personnel at the entrance to the base took issue with Lt. Choi’s military uniform and delayed his entrance to the base for some time. Though he eventually passed through security, Choi was there only briefly before being removed from the base; his uniform was ripped and his wrist injured as he was forcibly evicted. The military, which did not charge him, accused him of “heckling,” though no witnesses saw any evidence of untoward behavior on Choi’s part.

Lt. Choi spoke out against the Manning trial during an interview with Keith Oblermann. “You don’t have to be in the military to understand this is a show trial,” he said, “This is a farce of justice and being in that courtroom this weekend, I don’t think that America has had lower moments.”

The long delay at the entrance caused Choi to arrive late at the courtroom, and because the theater was closed he was unable to watch much of the proceedings.

While the documents attributed to Manning have been widely dispersed and are the subject of many news articles, the government insisted on shutting the public and the media out of large portions of the hearing. On the third day of the trial, the investigating officer decided to accommodate the prosecution’s request for a closed hearing for a portion of the next day. The investigating officer found that the information had been properly classified and that the need to maintain that classification outweighed the value of a public and open trial. But the public, who has had access to the WikiLeaks releases for well over a year, was not given an opportunity to object. The only objection raised was from the defense team of Bradley Manning, to no avail. No explanation was provided regarding what information would be reviewed in the closed portion of the trial. And notably, the investigating officer allowed “relevant government agencies” to remain even as the public was ousted, without providing any information on what agencies were considered relevant.

No media organizations have yet contested the right to have access to the closed portions of the proceedings.

Wikileaks thrown out

Among those thrown out of the courtroom during the closed portions of the hearing were attorneys for the whistleblower website WikiLeaks. WikiLeaks had petitioned for guaranteed access to the hearing, and had sent in an attorney who had the highest level of secret security clearance. The Center for Constitutional Rights, which is representing Assange and WikiLeaks, is appealing their right to access the trial. In a press release, CCR legal director Baher Azmy said, “As counsel for WikiLeaks and Julian Assange, we must be given access to these proceedings. The lack of transparency that has been a hallmark of the military’s prosecution of Private Manning to date also serves to obscure his abusive conditions of confinement.” Assange and his lawyers are also concerned about the threat of an extradition request from the United States on matters raised in Private Manning’s proceedings.

At its heart, the Bradley Manning trial is about secrecy, about understanding how our own government as a world power operates in complex international waters, about debating the sacrifices we’re willing to make to advance our interests. Whatever interests the military may have in conducting its case against Manning behind closed doors, we as a society cannot tolerate attempts to rob us of knowledge of the court proceedings. This trial will change the history of our country; I only hope we get to be in the room when it happens.

In South Korea, the only thing worse than online censorship is secret online censorship

In South Korea, even the censors are being censored. Professor K.S. Park, who sits on South Korea’s nine-member Internet content regulatory board, has found his own blog under threat of censorship when he used it as platform to speak out for transparency and free expression.

This post was originally published on EFF Deeplinks,with my amazing colleague Jillian York.

EFF is sending an open letter to the Korean Communications Standards Commission condemning attempts to shut the public out of their work and urging them to embrace online freedom of expression.

In South Korea, even the censors are being censored. Professor K.S. Park, who sits on South Korea’s nine-member Internet content regulatory board, has found his own blog under threat of censorship when he used it as platform to speak out for transparency and free expression.

South Korea is one of few global democracies that has enacted substantial controls on online communications. Earlier, the country’s Telecommunications Business Act (1991), which states that ‘‘a person in use of telecommunications shall not make communications with contents that harm the public peace and order or social morals and good customs”, as well as the Information and Communication Ethics Committee (ICEC), formed in 1995, set the stage for government restrictions on a wide variety of online content. Furthermore, the country’s anti-communist National Security Law (NSL), enacted in 1948, justifies the censorship of websites related to North Korea or communism. These nebulous, overbroad laws can be interpreted not only to cover content deemed obscene, but also content that is political or historical in nature.

The Korean Constitutional Court struck down the Telecommunications Business Act provision for being too vague, warning about the risk of censorship associated with the ICEC regime.

Korean Communications Standards Commission

  • 9 members appointed by the president
  • 3 year terms
  • 6 members from the majority party, 3 members from the opposition party
  • Censors thousands of URLs weekly

However, unabashed, the South Korean government has merely replaced ICEC with another administrative body whose job it is to apply new, vague legal standards to the Internet. Made up of nine members appointed by the president, theKorean Communications Standards Commission(KCSC) was created to regulate Internet content. The KCSC describes its own role as protecting “internet users’ rights and prevent circulation of illegal and detrimental information in the cyberworld”, but in reality has been used to control a broad scope of content, including gambling sites, and sites containing allegedly defamatory content. South Korea has also enacted considerable surveillance measures, as well as a restriction on online anonymity that is being challenged in the Constitutional Court.

Professor K.S. Park is a member of KCSC, one of three members suggested by the opposition party. Prof. Park is a scholar with a long history of defending online freedom of expression, and he organized the constitutional challenge against the rule abolishing online anonymity. As a member of KCSC, Prof. Park meets with the eight other members twice a week to review URLs that have been flagged by the community. Prof. Park has long argued that the KCSC has too much authority to prevent people from accessing expressive content on the web. As a member of the censorship board, he works to steer KCSC into a more lenient interpretation of the censorship laws. Often, he is unsuccessful, and content that he has determined non-harmful to the public is banned.

In July, Prof. Park decided to begin exploring the nuances of these censorship choices in hisblog. Believing that a censorship regime is terrible but a secret censorship regime is even worse, he used his blog to educate people about the types of content that were being removed from the Internet in South Korea. He would publish a sample of the type of content that had been removed and include a legal discussion of the removal choice. For example, Prof. Park posted non-sexual pictures of human male anatomy, such as those found in sex education books, along with the argument that such images are not obscene and that even by the conservative Korean standards it’s enough to just place age-restrictions on access. Six of his fellow commissioners rejected the argument.

As a result, in August, Prof. Park found his own blog on the roster of sites to be considered by the KCSC board. He inveighed the board for attempting to choke off his free expression. Ultimately, his own blog became the subject of debate amongst the other board members. In an act of compromise, Prof. Park has modified his previous blog entries to remove the “offensive” content and removed the blog from the board’s deliberation, but other members of the board have officially vowed to take actions against his blog in the future.

If Prof. Park’s blog is removed from the Internet, it will be a double blow for the people of South Korea. Not only will another valuable website be banned, but the people of South Korea will lose their only practical method of overseeing the work of the KCSC and holding the board accountable for its online censorship choices. While it is true that the board meetings are open to public viewing, the sheer volume of censorship (i.e. close to 10,000 URLs a month) makes it unwieldy for public oversight. Furthermore, the authors of the censored URLs are not given an opportunity to defend themselves in the censorship deliberations. For the most part, the public isn’t participating in the censorship choices made by KCSC because access to the process is so cumbersome, resulting in a regulatory board with no meaningful public oversight.

The UN Human Rights Council’s Special Rapporteur on Freedom of Expression, Frank La Rue, has stated [PDF] that “censorship measures should never be delegated to a private entity” and that “no State should use or force intermediaries to undertake censorship on its behalf,” noting the KCSC as a “quasi-State and quasi private entity” tasked with just that. Indeed, the KCSC lacks transparency and accountability, relying solely on a board of nine individuals to determine what online content is appropriate for Korean viewers. And as Prof. Park’s story illustrates, dissent is not tolerated.

The EFF is deeply troubled by the rise of administrative boards to censor the Internet—now extant in Turkey, Australia, India and South Korea. We are sending an open letter to the Korean Communications Standards Commission condemning attempts to shut the public out of their work and urging them to embrace transparency and online freedom of expression. Click hereto read the letter. It is our hope that international pressure, combined with the public outcry in South Korea, can help expose the flaws of this administrative censorship regime and restore real freedom of expression to the South Korean Internet.

Cisco and Abuses of Human Rights in China

What responsibility do corporations have to consider human rights when making business deals? Are companies that build and market equipment for the purpose of surveilling and censoring pro-democracy activists in authoritarian regimes culpable when those activists are imprisoned or tortured? Do companies bear a special responsibility if they customize products to improve the efficacy of tracking dissidents and choking free speech? What if the companies train government agents in using the technology to ferret out activists?

This post was originally published on EFF Deeplinks.

This is the first in a two-part series explaining the background around the EFF call to actionover Cisco assisting the Chinese government in abusing human rights. This article outlines the background of the issue and the first of our two demands to Cisco: intervening on behalf of dissident writer Du Daobin. Our next post will outline specifically how Cisco and other similar networking companies can pledge to uphold human rights.

If you have not done so, we urge you to sign our petition to Cisco. And if you’ve already signed, please continue to spread the word.

Understanding Du v. Cisco

What responsibility do corporations have to consider human rights when making business deals? Are companies that build and market equipment for the purpose of surveilling and censoring pro-democracy activists in authoritarian regimes culpable when those activists are imprisoned or tortured? Do companies bear a special responsibility if they customize products to improve the efficacy of tracking dissidents and choking free speech? What if the companies train government agents in using the technology to ferret out activists?

Two cases — one in the United States District Court of Maryland and another in the Northern District of California — are attempting to create legal precedent around these issues of corporate social responsibility. In Du v. Cisco, three named plaintiffs – Chinese citizens Du Daobin, Zhou Yuanzhi, and Liu Xianbin – are joining 10 unnamed “John Doe” plaintiffs in suing the American company Cisco Systems for their role in assisting the Chinese Communist Party (CCP) in violating human rights. The complaint against Cisco alleges that the plaintiffs in the case:

Have been and are being subjected to grave violations of some of the most universally recognized standards of international law, including prohibitions against torture, cruel, inhuman or other degrading treatment or punishment, arbitrary arrest and prolonged detention, and forced labor, for exercising their rights of freedom of speech, association, and assembly, at the hands of the Defendants through Chinese officials.

The complaint makes several accusations against Cisco Systems, including:

  • That Cisco Systems “aggressively sought contracts to provide substantial assistance in helping the Chinese government implement the Golden Shield Project”
  • That Cisco knew its services and products would be used by Chinese law enforcement, prisons, forced labor camps and also to police Internet usage
  • That Cisco employees themselves customized or trained others to customize the equipment they sold to China to meet the unique goals of the Golden Shield Project, including targeting disfavored groups in China
  • That Cisco knew the Golden Shield Project would be used to commit human rights violations

To understand these issues, one must first understand China’s Golden Shield Project, often referred to in the West as the Great Firewall of China. According to the complaint as well as published articles on the topic1, the system employs a series of techniques to monitor and track the Internet usage of people in China and prevent them from accessing a wide swath of online content. The surveillance aspects are extensive; the government is often able to not only track what sites an individual visits, but may also be pinpointing who that individual is, what messages that person posts, and even the content of her communications.

The complaint alleges that the system sold by Cisco, and subsequent training, allows Chinese officials to “access private internet communications, identify anonymous web log authors, prevent the broadcast and dissemination of peaceful speech, and otherwise aid and abet in the violation of Plaintiffs’ fundamental human rights.”(para. 2). The government is able to block access to certain content on the Internet – either temporarily or forever – using several techniques, including blocking domain names or entire IP addresses. Access to information that is critical of the CCP or provides unflattering evidence about CCP – such as information about the 1989 Tiananmen Square protests – is frequently inaccessible from within China. Search results for terms like “Egypt” have been blocked for fear they might inspire an uprising, and social networks like Facebook and Twitter are inaccessible. Cisco readily admits to selling this equipment to China, but denies allegations that they customized that equipment for the unique needs of the Chinese government.

At this point, only an initial complaint has been made against Cisco Systems, and it’s likely that much of the evidence that will be used against them, and that that they will use in defense, is not yet available. However, the initial complaint does point to some public evidence. It references a leaked 90 page internal presentation of Cisco from 2002. The document shows that Cisco Systems had extensively evaluated the Chinese government’s needs for a censorship and surveillance system and even noted that the system could be used to target disfavored groups. The documents produced by Cisco specifically note that the Golden Shield Project would (exact quote) “‘Combat Falun Gong’ evil religion and other hostiles.” It also specifically mentions China’s “forced labor” centers and “forced custody and education centers.”

As noted above, Du v. Cisco is only one of the two lawsuits currently pending against Cisco Systems for their hand in facilitating human rights abuses in China. The other case, filed by the Human Rights Law Foundation on behalf of members of Falun Gong and pending in the Northern District of California, is attempting to seek class-action status for the many Falun Gong members who were identified, imprisoned, tortured and (in some instances) killed by Chinese government agents relying on information obtained using equipment supplied by Cisco.

Addressing Differences in a Court Room, Not a Torture Chamber

We believe all of the plaintiffs in the cases against Cisco Systems are taking great risks through their involvement in the lawsuits. Recently, Du Daobin’s attorney published a blog noting that his client had been detained and interrogated at length by senior officials from China’s Ministry of Public Security about his role in Du v. Cisco. Mr. Du and the other plaintiffs are currently at risk of further torture, imprisonment, or even “disappearance.”

Regardless of whether Cisco “merely” sold surveillance and censorship equipment to China or whether they customized this equipment to pinpoint dissidents, it’s clear that the place to decide this issue is a court of law. The plaintiffs have a right to present their evidence and have a court rule on the legitimacy of their claims. But if the plaintiffs are tortured or imprisoned in China before the trial can take place, no justice will be served.

If Cisco believes what it did was legal, it should be eager to see a court ruling to that effect. Therefore, it’s in Cisco’s own interest to show their commitment to human rights and the rule of law by speaking out now for the safety of the plaintiffs in the case. After all, Mr. Du wasasked about his lawsuit against Cisco during the interrogation, so it’s clear that the detention and harassment is being done, at least in part, to protect Cisco by convincing Mr. Du and the others to drop their case.

Even if the detention wasn’t being done to benefit or protect Cisco directly, however, it makes sense that the the Chinese government would pay particular attention to statements from Cisco given the many-year relationship Cisco has cultivated with Chinese government officials. A statement from Cisco affirming their commitment to the rule of law and hopes for the continued safety of Du Daobin and the other plaintiffs could well help to keep these activists safe while the case winds its way through the courts.

Digital rights supporters have sent a steady stream of emails to Cisco Systems over this issue, but it appears that Cisco still doesn’t realize how important it is for for them to stand up for the safety of Du Daobin and the other plaintiffs in the cases.

To clarify, we are asking Cisco to contact their customers and business partners in the Chinese government and tell them not to target the plaintiffs in Du v. Cisco or Doe v. Cisco. We hope Cisco will prove that they don’t condone bullying tactics used to repress free speech and that they believe these disputes should be settled under the rule of law, not the iron fist. We’d be particularly pleased if Cisco would make a public statement about their stance on the continued safety of the plaintiffs – and it would certainly go a long way to improving their public image at this time when the world is watching. But above all, we urge Cisco to use every method at their disposal to ensure that Du Daobin and all of the plaintiffs in both cases make it through the court process, and beyond, unharmed by Chinese officials.

We’ve taken the liberty of writing a script to help guide Cisco through the conversation with their Chinese business partners, making it that much easier for them to fulfill this request:

Dear (insert names of business contacts in China),

As you know, Cisco Systems is currently being sued in the United States over the sale of equipment to you. We’re contacting you today to let you know that we do not wish you to harass, harm or otherwise attempt to dissuade or scare the plaintiffs in those cases. We believe that individuals like Mr. Du Daobin, one of the plaintiffs in the case, have a right to speak freely – even if they use their rights to file a lawsuit against us. We intend to resolve this matter in court and do not need or want any representative from your government to contact Mr. Du Daobin in any way. Please refrain from targeting the plaintiffs in the case against us; give us a chance to respond to the allegations in court.

Hope all those routers and other devices we sold you are still working well.

Thanks,
Your pals at Cisco

Moving forward

There are several things we’d like to see happen now that these cases have been filed against Cisco Systems. We hope to see Cisco Systems held accountable for their actions, if they did indeed facilitate human rights abuses in China. But just as importantly, we’re hoping to see a thoughtful discussion arise from this lawsuit about the responsibilities that corporations have to safeguard human rights in their business deals, especially where those business deals are with governments with well-established records of repression.

We also hope that the United States government will explore what role it should play in ensuring American companies do not supply authoritarian regimes with tools to censor and control individuals.

We’ll be discussing these issues in greater deal in our second post on this topic. For now, we urge supporters to keep sending emails to Cisco and stay tuned to the EFF Twitter feed for additional updates on the case.

Medical Justice: Stifling Speech of Patients with a Touch of “Privacy Blackmail”

Whether you’re buying a car, looking for a nearby cafe or hunting for deals on sneakers, the Internet – and especially crowd-sourced online review sites like Yelp – can help you decide which businesses to patronize. But one company is taking away users’ voices when it comes to reviewing medical services.

Whether you’re buying a car, looking for a nearby cafe or hunting for deals on sneakers, the Internet – and especially crowd-sourced online review sites like Yelp – can help you decide which businesses to patronize. But one company is taking away users’ voices when it comes to reviewing medical services. Medical Justice, started in 2002, is a member-based service for physicians that works to restrict unflattering reviews of participating doctors. Patients who go to these doctors sign a contract that assigns, in advance, the copyright in any online review to the physician being reviewed. A doctor who doesn’t like an unflattering post can then use a copyright infringement claim to have the post removed.

We’ve have long opposed these and similar efforts to misuse copyright to stifle speech. And we’re very glad that a new site, called Doctored Reviews, is explaining in detail why the business model promoted by Medical Justice is bad for patients, bad for doctors, bad for review sites – and especially bad for online free speech. As Doctored Reviews points out:

Imagine if other companies used similar contracts. Before you get a haircut, before you buy a six-pack of soda at the local grocery store or before you order a meal at a restaurant, imagine you were required to keep quiet and never post your opinion online about the product or service you purchased. Sound ridiculous? It does to us, and we think it’s no less ridiculous when doctors demand this of their patients.

The outrageous provisions don’t end there: as Courtney Minick pointed out on Justicia, the contract includes a provision that prevents the consumer from exercising her right to anonymous speech when reviewing a doctor and even mandates that a patient “will not denigrate, defame, disparage, or cast aspersions upon the Physician; and (ii) will use all reasonable efforts to prevent any member of their immediate family or acquaintance from engaging in any such activity.” This means that the patient is responsible for the online comments of friends and family members (“will use all reasonable efforts to prevent”), even though none of these individuals signed the contract.

Why would patients sign these anti-review contracts? (Assuming, of course, that patients even notice what they are signing in the stack of papers the receptionist hands them when they are in need of medical care.) Some might call it privacy blackmail; in return for a patient forfeiting her right to publish online criticisms, doctors promise not to share patient data with marketers. But these promises mean little: doctors are already forbidden from sharing such data without prior authorization from patients. The Medical Justice contract simply guarantees the doctors won’t ask for that authorization. Learn more about marketing and medical privacyhere.

So, what is the solution for doctors who are concerned about their online reputations? In the words of Justice Brandeis:

If there be time to expose through discussion the falsehood and fallacies, to avert the evil by the processes of education, the remedy to be applied is more speech, not enforced silence.

In less poetic terms: speech you disagree with should be fought with more speech, not censorship. We hope that doctors embrace this mantra and tell Medical Justice to take a hike. Doctored Reviews has tips for doctors looking to respond to online criticisms as well as advice for patients on refusing to sign Medical Justice’s anti-review contracts. And we’re excited to see that some reviews sites like Yelp and Avvo are refusing to honor these anti-review contracts. If you are with a review website and want to learn more about your obligations to respond to takedown notices from Medical Justice, see this guide.

Want to exercise your speech and tell Medical Justice what you think about their plan to cut off the voices of medical patients? You might leave a few comments on their blog (though apparently they aren’t always welcoming of robust discourse in blog comments) or send them a quick tweet, but perhaps the best way to get your message across is to write a review of their services on the Greensboro North Carolina Yelp.

The Best of Cablegate: Instances Where Public Discourse Benefited from the Leaks

Since late November, the whistleblower website Wikileaks has been in the process of releasing in waves over 250,000 leaked United States diplomatic cables. Known as “Cablegate,” this is the largest publication of confidential documents by any organization. (Catch up on Wikileaks developments by reviewing EFF’s page on this issue).

This blog post was originally published on EFF Deeplinks.

Since late November, the whistleblower website Wikileaks has been in the process of releasing in waves over 250,000 leaked United States diplomatic cables. Known as “Cablegate,” this is the largest publication of confidential documents by any organization. (Catch up on Wikileaks developments by reviewing EFF’s page on this issue).

Wikileaks’ disclosures have caused tremendous controversy, with critics of Wikileaks claiming the leaks of classified information could endanger lives and harm international diplomacy. Others have commended Wikileaks, pointing to a long history of over-classification and a lack of transparency by the United States government.

Regardless of the heated debate over the propriety of Wikileaks’ actions, some of the cables have contributed significantly to public and political conversations all around the world. In this article, we highlight a small selection of cables that been critical to understanding and evaluating controversial events.

  1. “Dancing Boy” Scandal Alleges Child Prostitution, Possible Drug Use among U.S. Private Contractors
    The Guardian reported on a cable describing an incident in which employees of DynCorp, a U.S. military contractor, hired a “dancing boy” for a party. The term “dancing boy,” also known as bacha bazi, is a euphemism for a custom in Afghanistan in which underaged boys are dressed as women, dance for gatherings of men and are then prostituted. Read more. The incident allegedly involved soliciting local Afghan police for a bacha bazi as well as usage of illegal drugs. The cable detailed that Hanif Armar, minister of the Interior of Afghanistan, urged the United States to help contain the scandal by warning journalists that reporting on the incident would endanger lives.The incident contributed important information to the debate over the use of private military contractors in Afghanistan. The articles published in the wake of Wikileaks’ publication of the cable are far more critical than the original reporting on the issue. For example, back in July of 2009, the Washington Post described the incident as “questionable management oversight,” in which “DynCorp employees in Afghanistan hired a teenage boy to perform a tribal dance.” This cable helped the Post and the public understand there was more to this story than a tribal dance.
  2. Pfizer Allegedly Sought to Blackmail Nigerian Regulator to Stop Lawsuit Against Drug Trials on Children
    A cable released by Wikileaks says that Pfizer “had hired investigators to uncover corruption links to [Nigerian] Attorney General Michael Aondoakaa to expose him and put pressure on him to drop the federal cases.” The Guardian reported that the drug giant was trying to convince the Nigerian attorney general to settle lawsuits arising from medical testing of the oral antibiotic Trovan that it administered to children living in Kano during a meningitis epidemic in 1996. The cable also noted that Pfizer Nigeria Country Director Enrico Liggeri felt the lawsuits “has had a ‘chilling effect’ on international pharmaceutical companies because companies are no longer willing to conduct clinical testing in Nigeria.” This episode helped the public understand more about the controversies surrounding drug testing in underdeveloped countries, as well as the politics behind Nigeria’s settlement of the multi-billion dollar lawsuit for $75 million.
  3. U.S. Failed to Bully Spain Into Adopting Untested Anti-P2P bill
    A diplomatic cable released by Wikileaks to the Spanish paper El Pais shows that the United States used bullying tactics to attempt to push Spain into adopting copyright laws even more stringent than those in the U.S. As EFF reported, a U.S. official apparently pressured the government of Spain to adopt novel and untested legislative measures that have never been proposed in the United States. The Wikileaks revelations came just in time, providing critical information in a December legislative session, and saving Spain from the kind of misguided copyright laws that could cripple innovation and facilitate online censorship.
  4. U.S. to Uganda: Let Us Know If You Want to Use Our Intelligence for War Crimes
    The United States has long supported the efforts of the Ugandan government to defeat theLord’s Resistance Army, as part of a conflict known for its brutality and the use of child soldiers. One cable released by Wikileaks indicated the United States was considering selling arms to Uganda. The Guardian reported that the U.S. ambassador accepted verbal promises from the Ugandan defense minister that they would “consult with the US in advance if the [Ugandan army] intends to use US-supplied intelligence to engage in operations not government [sic] by the law of armed conflict.” That same article noted that the United States has been concerned that the Ugandan government is engaged in actions which might violate the laws of war.Learning that U.S. intelligence might be used outside the laws of law, and that the U.S. government merely wanted a consultation, helped the public understand more about the American-Ugandan cooperation against the LRA, and informed the debate over the methods used to combat rebellions in Africa. This is not an idle concern- the very next day a cable detailed the use of extrajudicial execution of a Ugandan prisoner.
  5. U.S. Haggling over Guantánamo Detainees
    President Obama promised to close the Guantánamo Bay detention camp since his campaign for the office, and reiterated the promise once he took office. Yet the controversial detention facility remains open. An article by the New York Times analyzed cables released by Wikileaks which indicated the United States is having difficulties in fulfilling this promise and is now considering some unique solutions. The cables show that U.S. diplomats have been searching for countries that would take detainees, often bargaining with foreign countries over the placement of prisoners. In return for accepting detainees, the receiving country might get a one-on-one meeting with Obama, assistance obtaining International Monetary Fund assistance, or some other helping hand from the United States. In one cable, Saudi Arabian King Abdullah recommended that the U.S. implant an electronic chip in each detainee for location tracking, using technology developed for livestock.

The debate over Wikileaks will continue for some time. But these examples make clear that Wikileaks has brought much-needed light to government operations and private actions which, while veiled in secrecy, profoundly affect the lives of people around the world and can play an important role in a democracy that chooses its leaders. As founding father James Madison explained, “a popular government without popular information or the means of acquiring it is but a prologue to a farce or tragedy or perhaps both.” Regardless of whether you agree with WikiLeaks, Cablegate has served an important role in bettering public understanding on matters of public concern.

In Data Portability Deathmatch, Users Lose Out

This blog post was originally published on EFF Deeplinks , and it was co-authored with my amazing colleague Marcia Hofmann. This is the first blog post I published on EFF. 

In the last few weeks, Facebook and Google have been engaging in a public tussle over an issue that is near and dear to EFF’s heart: data portability. The crux of the issue is that when you sign up for Facebook, you can find your Gmail contacts or invite them to join the social networking service with a few quick clicks. But when you sign up for Google, Facebook prevents you from easily inviting all of your Facebook friends to Google, despite the fact that Facebook makes it easy for users to export their contacts to other services like Yahoo!.

Earlier this month, Google altered its terms of use for API users in an attempt to push Facebook into making contacts more portable. Basically, if services (such as Facebook) aren’t willing to make contact data portable to Google, then Google will stop making Gmail contacts exportable to their sites. Somewhat ironically, Google is promoting data portability by restricting data portability.

This comes at a time when Facebook is launching a messaging product that may rival Google’s communication applications and rumors abound that Google is looking to make a foray into the realm of social networking — suggesting that market advantage, rather than user rights, could well be driving this data portability squabble.

Google’s maneuver is particularly interesting in light of Facebook v. Power Ventures, a case in which Facebook has sued a company that offers a tool for users to access and aggregate their personal information across social networking sites. Because Facebook’s terms of service don’t allow users to access their information through “automated means,” Facebook claims that Power’s access is not authorized or permitted, and therefore violates state and federal computer crime laws. (The court recently threw out one of these claims, finding that Power could not have violated California’s computer crime law merely by breaching Facebook’s terms of service — a result EFF urged the court to reach in two amicus briefs.)

So Google put Facebook in a bind. Facebook could:

  1. Let users take their Facebook contacts to Google,
  2. Stop importing contacts from Google, or
  3. Continue its current practice and violate Google’s terms of service — which Facebook itself has argued is criminal behavior.

Rather than taking this opportunity to give Facebook users the ability to export their contacts — something that EFF has strongly advocated for in the past — Facebook instead created a tool to work around Google’s restriction. Users signing up for Facebook are now prompted to download their Gmail contacts to their hard drives, and then upload them to Facebook. While this means an extra step for users, the end result is simply that Google contact data is still portable to Facebook, and Facebook doesn’t reciprocate. Google, in its latest salvo of the battle, is highlighting Facebook’s approach in a new message that asks users seeking to export their Gmail contacts to Facebook whether they’re sure they want to take their contacts to a service that refuses to let them export.

So why does exporting data matter to users?

Data portability is a deceptively simple idea with serious benefits for users. EFF championed data portability in our Social Network Bill of Rights. If an online service disrespects user privacy, lacks functionality or violates user expectations, a user should have the right to pack up her information easily and leave. This means that online platforms would have a vested interest in making sure users were happy with their services — or face an exodus.

Facebook has been working to improve its data portability. In October, Facebook announcedthat it would provide a way for users to export their content, which fits squarely into the Social Network Users’ Right to Leave. (That is, assuming you can figure out how to close your Facebook account.) But Facebook still doesn’t allow users to export the contact information of friends to any service they like.

However, that might be the most important thing.

Social networks like Facebook are more than just status updates, photos and links. They are built on relationships with people. So if you really want to abandon your social networking account and start homesteading a virtual farm on a different online platform, you’ll want to bring the contact data of your digital acquaintances with you. Facebook’s failure to freely provide this functionality makes it more difficult to leave Facebook for one of Facebook’s many social networking rivals.

Facebook, for its part, argues that users don’t have the right to easily download their friends’ contact data anymore than they have the right to mass download their friends’ photo albums. This is a somewhat dubious argument, considering Facebook does allow contact data to be exported to the iPhone address book, Yahoo! and Hotmail. While user privacy is important, hamstringing data portability isn’t the right solution. (And in fact, a savvy user can export Facebook contacts if he or she tries. Here’s how.) If Facebook wants to respect user privacy and choice, it should provide a simple way for users to download data — including the contact data of friends — while also providing an opt-out for individuals who never want their data downloaded by online acquaintances.

One thing should be clear to users of both Google and Facebook: when companies guard data to obtain a market advantage, consumers lose out.

UPDATE (11/16/10) — InsideFacebook.com is reporting a new feint from Facebook in its knife fight with Google over portability. After the launch of Facebook’s new unified messaging product yesterday, a Facebook spokesman told InsideFacebook that the company would allow users to export their friends’ email addresses — but only up to a point. Users will *only* be able to export their friends’ “@facebook.com” email addresses — the addresses associated with the new messaging service — which does little to enable competition in the social network arena, whether from Google or anyone else. As InsideFacebook points out, “Even if Google or another company managed to recreate parts of the social graph by importing @facebook.com addresses, these companies would still have to contact these users by their @facebook.com accounts, leaving the social network as the middleman.”