When college professors want students to read a small part of a book, they put that book on reserve at the library, so everyone can get access to the bit of information they need without having to buy the entire expensive work. Advances in technology have made this even easier for students: librarians have created electronic reserves, allowing online access to a digital version of the excerpt. But the publishing world has come down hard on these electronic reserves in a lawsuit aimed at Georgia State University (GSU), insisting that libraries must pay fees for excerpts they make available digitally to students. In an amicus brief filed on behalf of several national library associations today, EFF argues that electronic reserves must be protected to serve the public interest and preserve librarians’ and students’ fair-use rights.
This case started back in 2008, when the Association of American Publishers (AAP) recruited three plaintiffs to sue GSU for copyright infringement in their electronic reserves. GSU promptly updated its procedures to conform to fair use guidelines the AAP itself had helped draft for other universities. But instead of declaring victory, the plaintiffs continued to pursue this case, even taking it up on appeal when their claims were rejected by a federal district court.
In the amicus brief filed today, EFF urges the appeals court to see what the district court saw: the vast majority of uses at issue were protected fair uses. Moreover, as a practical matter, the licensing market the publishers say they want to create for e-reserves will never emerge—not least because libraries can’t afford to participate in it. Even assuming that libraries could pay such fees, requiring this would thwart the purpose of copyright by undermining the overall market for scholarship. Given libraries’ stagnant or shrinking budgets, any new spending for licenses must be reallocated from existing expenditures, and the most likely source of reallocated funds is the budget for collections. An excerpt license requirement thus will harm the market for new scholarly works, as the works assigned for student reading are likely to be more established pieces written by well-known academics. Libraries’ total investment in scholarship will be the same but resources will be diverted away from new works to redundant payments for existing ones, in direct contradiction of copyright’s purpose of “promot[ing] progress.”
A win for the publishers here would be a Pyrrhic victory at best for them, and a significant loss for the public interest. We hope the appellate court agrees that copyright law does not require forcing libraries to make reading a handful of pages either extraordinarily expensive or inordinately difficult for college students.
San Francisco – The Electronic Frontier Foundation (EFF) urged the National Highway Traffic Safety Administration (NHTSA) today to include strict privacy protections for data collected by vehicle “black boxes” to protect drivers from long-term tracking as well as the misuse of their information.
Black boxes, more formally called event data recorders (EDRs), can serve a valuable forensic function for accident investigations, because they can capture information like vehicle speed before the crash, whether the brake was activated, whether the seat belt was buckled, and whether the airbag deployed. NHTSA is proposing the mandatory inclusion of black boxes in all new cars and light trucks sold in America. But while the proposed rules would require the collection of data in at least the last few seconds before a crash, they don’t block the long-term monitoring of driver behavior or the ongoing capture of much more private information like audio, video, or vehicle location.
“The NHTSA’s proposed rules fail to address driver privacy in any meaningful way,” said EFF Staff Attorney Nate Cardozo. “These regulations must include more than minimum requirements of what should be collected and stored – they need a reasonable maximum requirement as well.”
The current NHTSA proposal mandates a boilerplate notice to consumers that “various systems” are being monitored. The plan also calls for a commercial tool to be made available to allow user access to black box data. In its comments submitted to the NHTSA today, EFF calls for complete and comprehensive disclosure of data collection as well as a free and open standard to access black box information.
“The information collected by EDRs is private and must remain private until the car owner consents to its use,” said Cardozo. “Consumers deserve full disclosure of what is being collected, when, and how, as well as an easy and free way of accessing this data on their own. Having to buy access to your own data is not reasonable. “
In addition to submitting its own comments to the NHTSA today, EFF also joined the Electronic Privacy Information Center and a broad coalition of privacy, consumer rights, and civil rights organizations in comments urging the NHTSA to adopt specific, privacy-protecting amendments to its proposed rules.
For EFF’s full comments submitted to the NHTSA:
Electronic Frontier Foundation
- EFF to Supreme Court: Blanket DNA Collection Violates Fourth Amendment (alethonews.wordpress.com)
- Black Boxes in Cars: Open Call for Comments (eff.org)
- EFF, others to Microsoft: Who’s requesting our Skype data? (zdnet.com)
- EFF – How to Protect Your Privacy from Facebook’s Graph Search (bespacific.com)
In a Major Privacy Victory, Seattle Mayor Orders Police to Dismantle Its Drone Program After Protests
In an amazing victory for privacy advocates and drone activists, yesterday, Seattle’s mayor ordered the city’s police agency to cease trying to use surveillance drones and dismantle its drone program. The police will return the two drones they previously purchased with a Department of Homeland Security grant to the manufacturer.
EFF has been warning of the privacy dangers surveillance drones pose to US citizens for more than a year now. In May of last year, we urged concerned citizens to take their complaints to their local governments, given Congress has been slow to act on any privacy legislation. The events of Seattle proves this strategy can work and should serve as a blueprint for local activism across the country.
Back in early 2012, the Seattle city council was told that the Seattle police agency had obtained an authorization to fly drones from the Federal Aviation Administration (FAA). But they did not find out from the police; they found out from a reporter who called after the council after he saw Seattle’s name on the list obtained by EFF as part of our lawsuit against the FAA.
City council was understandably not happy, and the police agency was forced to appear before the council and apologize. It then vowed to work with the ACLU of Washington and the FAA to develop guidelines to make sure drones wouldn’t violate Seattle citizens’ privacy. But as long as the guidelines weren’t passed in a binding city ordinance, there’d be no way to enforce them.
After a townhall meeting held by police, in which citizens showed up in droves and angrily denounced the city’s plans, some reporters insinuated that city counsel members’ jobs could be on the line if they did not pass strict drone legislation protecting its citizens privacy.
Documents obtained by MuckRock and EFF in October as part of our 2012 drone census showed that the Seattle police were trying to buy two more drones despite the controversy. But that ended yesterday as the Mayor put a stop to the program completely.
Critics of the privacy protests said the participants were exaggerating the capabilities of the Seattle drones, given they would only fly for less than an hour at a time and are much smaller than the Predator drones the military flies overseas and Department of Homeland Security flies at home.
But while Seattle’s potential drones may not have been able to stay in the air for long, similar drones have already been developed and advertised by drone manufacturers with the capability to stay in the air for hours or days at a time. In fact, Lockheed Martin has been bragging about a drone that weights 13.2 pounds (well within the FAA’s weight limits) that can be recharged by a laser on the ground and stay in the air indefinitely.
Since the Seattle protests have heated up, similar complaints have been heard at local city counsels and state legislatures across the country. At least thirteen states are now considering legislation to restrict drone use to protect privacy, and there are also members of Congress on both sides of the aisle pushing the same thing.
Here in the Bay Area, we’ve experienced a similar situation. The Alameda County Sheriff’s Office tried to sneak through drone funding without a public hearing and told the county board of supervisors it only wanted to use the drone for emergency purposes. Yet in internal documents obtained by EFF and MuckRock as part of our 2012 drone census, the Sheriff’s Office said it wanted to use the drone for “suspicious persons” and “large crowd control disturbances.”
When EFF and ACLU held a press conference pointing out this discrepancy, the county backtracked and is now attempting to write privacy guidelines that could potentially be turned into binding law. We will keep you updated on further developments.
But regardless, it’s important that privacy advocates take the lesson from Seattle and apply it all over the country. This is an important privacy victory, and like we said back in May, local governments will listen to our concerns, so let’s make our voice heard.
Law Enforcement Should Not Gather Genetic Information Without a Warrant
San Francisco – The Electronic Frontier Foundation (EFF) urged the Supreme Court Friday to block DNA collection from everyone arrested for a crime, arguing that law enforcement must get a warrant before forcing people to give samples of their genetic material.
EFF’s amicus brief was filed Friday in Maryland v. King – a case challenging a law in the state of Maryland that requires DNA collection from all arrestees, whether they are ultimately convicted of a crime or not. Maryland officials claim that DNA is necessary for definitive identification, but they do not use the sample to “identify” the arrestee. Instead, they use the sample for other investigatory purposes – retaining and repeatedly accessing the wealth of personal information disclosed by an individual’s genetic material despite lacking individualized suspicion connecting the arrestee to another crime. This violates the Fourth Amendment.
“Your DNA is the roadmap to an extraordinary amount of private information about you and your family,” said EFF Staff Attorney Jennifer Lynch. “It contains data on your current health, your potential for disease, and your family background. For government access to personal information this sensitive, the Fourth Amendment requires a warrant.”
In addition to Maryland, 27 states and the federal government have laws that mandate DNA collection from anyone arrested, even if they are not yet convicted of a crime. EFF has filed amicus briefs in a number of cases challenging these unconstitutional laws. Meanwhile, the Supreme Court has shown increasing sensitivity to the power of sophisticated technology to undermine traditional privacy protections.
“Let’s say you were picked up by police at a political protest and arrested, but then released and never convicted of a crime. Under these laws, your genetic material is held in a law enforcement database, often indefinitely,” said EFF Senior Staff Attorney Lee Tien. “This is an unconstitutional search and seizure.”
The Supreme Court is set to hear arguments in Maryland v. King later this month.
For the full brief in Maryland v. King:
Electronic Frontier Foundation
Senior Staff Attorney
Electronic Frontier Foundation
Two Out of Every Three US Demands to Google Come Without A Warrant
This morning, Google released their semi-annual transparency report, and once again, it revealed a troubling trend: Internet surveillance around the world continues to rise, with the United States leading the way in demands for user data.
Google received over 21,000 requests for data on over 33,000 users in the last six months from governments around the world, a 70% increase since Google started releasing numbers in 2010. The United States accounted for almost 40% the total requests (8,438) and the number of users (14,791). The total numbers in the US for 2012 amounted to a 33% increase from 2011. And while Google only complied with two-thirds of the total requests globally, they complied with 88% of the requests in the United States.
Admirably, Google expanded their transparency report this time around, providing more detailed information about what kind of requests they get from the US government—specifically the type of requests they get under the main email privacy law in the US, the Electronic Communications Privacy Act (ECPA).
EFF has long criticized ECPA for not providing email with the same warrant protection as the Fourth Amendment gives to physical letters and phone calls. The Justice Department believes that it doesn’t need a warrant for emails over 180 days. Google’s lawyers, to their credit, have criticized the law as well, saying just this week, “our view is that [ECPA] is out of compliance with the Fourth Amendment because the government can call for the production of your data without a search warrant.”
All things considered, 2012 was a terrible year for online privacy against government surveillance. How bad was it? States around the world are demanding private data in ever-greater volumes—and getting it. They are recognizing the treasure troves of personal information created by modern communications technologies of all sorts, and pursuing ever easier, quicker, and more comprehensive access to our data. They are obtaining detailed logs of our entire lives online, and they are doing so under weaker legal standards than ever before. Several laws and proposals now afford many states warrantless snooping powers and nearly limitless data collection capabilities. These practices remain shrouded in secrecy, despite some private companies’ attempts to shine a light on the alarming measures states are taking around the world to obtain information about users.
To challenge the sweeping invasions into individuals’ personal lives, we’re calling on governments to ensure their surveillance policies and practices are consistent with international human rights standards. We’re also demanding that governments and companies become more transparent about their use of the Internet in state surveillance.
Signs of Growing International Surveillance in 2012
A new law in Brazil allows police and public prosecutors to demand user registration data from ISPs directly, via a simple request, with no court order, in criminal investigations involving money laundering. And, a new bill seeks to allow the Federal Police to demand registration data of Internet users in cases of crimes without the need of a court order nor judicial oversight.
Colombia adopted a new decree that compels ISPs to create backdoors that would make it easier for law enforcement to spy on Colombians. The law also forces ISPs and telecom providers to continuously collect and store for five years the location and subscriber information of millions of ordinary Colombian users.
Leaked documents revealed that the Mexican government shelled out $355 million to expand Mexican domestic surveillance equipment over the past year.
The Canadian government put proposed online surveillance legislation temporarily “on pause” following sustained public outrage generated by the bill. The bill introduces new police powers that would allow authorities easy access to Canadians’ online activities, including the power to force ISPs to hand over private customer data without a warrant.
The EU’s overarching data retention directive has become a dangerous model for other countries, despite the fact that several European Courts have declared several national data retention laws unconstitutional.
Romania went ahead with adopting a new data retention mandate law without any real evidence or debate over the right to privacy, despite the 2009 Constitutional Court ruling declaring the previous data retention law unconstitutional.
The German government is proposing a new law that would allow law enforcement and intelligence agencies to extensively identify Internet users, without any court order or reasonable suspicion of a crime. This year, more details were found on German State Trojan Program to spy on and monitor Skype, Gmail, Hotmail, Facebook and other online communications.
The UK government is considering a bill that would extend the police’s access to individuals’ email and social media traffic data. The UK ISPs will be compelled to gather the data and allow the UK police and security services to scrutinize it.
A Dutch proposal seeks to allow the police to break into foreign computers and search and delete data. If the location of a particular computer cannot be determined, the Dutch police would be able to break into it without ever contacting foreign authorities. Another Dutch proposal seeks to allow the police to force a suspect to decrypt information that is under investigation in a case of terrorism or sexual abuse of children.
In Russia, several new legal frameworks or proposed bills enable increased state surveillance of the Internet.
Australian law enforcement and intelligence agencies have continued to advance the false idea of the need for data retention mandates, mandatory backdoors for cloud computing services and the creation of a new crime for refusing to aid law enforcement in the decryption of communications.
A controversy arose in Lebanon over revelations that the country’s Internal Security Forces (ISF) demanded the content of all SMS text messages sent between September 13 and November 10 of this year, as well as usernames and passwords for services like Blackberry Messenger and Facebook.
The Rwandan Parliament is discussing a bill that will grant sanctions the police, army and intelligence services the power to listen to and read private communications in order to protect “public security”, the keyword often invoked to justify unnecessary human rights violations.
Pakistan adopted a Fair Trial Bill authorizing the state to intercept private communications to thwart acts of terrorism. No legal safeguards have been built in to prevent abuse of power and the word “terrorism” has been poorly defined (a word that’s often invoked to justify unnecessary human rights violations).
RIM announced that they had provided the Indian Government with a solution to intercept messages and emails exchanged via BlackBerry handsets. The encrypted communications will now be available to Indian intelligence agencies.
The Indian government approved the purchase of technological equipment to kickstart the National Intelligence Grid (NATGRID)—a project that seeks to link databases for ready access by intelligence agencies. The project is expected to facilitate “robust information sharing” by security and law enforcement agencies to combat terror threats.
EFF’s international team and a coalition of civil society organizations around the world have drafted a set of principles that can be used by civil society, governments and industry to evaluate whether state surveillance laws and practices are consistent with human rights. In 2013, we will continue demanding that states adopt stronger legal protections if they want to track our cell phones, or see what web sites we’ve visited, or rummage through our Hotmail, or read our private messages on Facebook, or otherwise invade our electronic privacy. EFF will keep working collaboratively with advocates, lawyers, journalists, bloggers and security experts on the ground to fight overbroad surveillance laws. Our work will involve existing legislative initiatives, international fora, and other regional venues where we can have a meaningful impact on establishing stronger legal protections against government access to people’s electronic communications and data.
- Colombia Adopts Mandatory Backdoor and Data Retention Mandates (informationliberation.com)
- Do we need the Snooper’s Charter to save lives? (pcpro.co.uk)
- ISP Walks Out of Piracy Talks: “We’re Not The Internet Police” (torrentfreak.com)
Senate Report: Counterterrorism “Fusion Centers” Invade Innocent Americans’ Privacy and Don’t Stop Terrorism
The Department of Homeland Security’s 70 counterterrrorism “fusion centers” produce “predominantly useless information,” “a bunch of crap,” while “running afoul of departmental guidelines meant to guard against civil liberties” and are “possibly in violation of the Privacy Act.”
These may sound like the words of EFF, but in fact, these conclusions come from a new report issued by a US Senate committee. At the cost of up to $1.4 billion, these fusion centers are supposed to facilitate local law enforcement sharing of valuable counterterrorism information to DHS, but according to the report, they do almost everything but.
DHS described its fusion centers as “one of the centerpieces of [its] counterterrorism strategy” and its database was supposed to be a central repository of known or “appropriately suspected” terrorists. In theory, local law enforcement officers, in conjunction with DHS officials, conduct surveillance and write up a report—known as a Homeland Intelligence Report (HIR)—for DHS to review. If credible, DHS would then spread the information to the larger intelligence community.
Yet, the Senate report found the fusion centers failed to uncover a single terrorist threat. Instead, like so many post-9/11 surveillance laws passed under the vague guise of “national security,” the system was overwhelmingly used for ordinary criminal investigations, while at the same time facilitating an egregious amount of violations of innocent Americans’ rights.
An entire section of the Senate report is dedicated to Privacy Act violations and the collection of information completely unrelated to any criminal or terrorist activity in the HIRs. In one instance, a DHS intelligence officer filed a draft report about a US citizen who appeared at a Muslim organization to deliver a day-long motivational talk and a lecture on positive parenting. In another, one intelligence officer decided to report on two men who were fishing at the US-Mexican border. A reviewer commented, “I… think that this should never have been nominated for production, nor passed through three reviews.” A report was even initiated on a motorcycle group for passing out leaflets informing members of their legal rights. A reviewer commented, “The advice given to the groups’ members is protected by the First Amendment.”
Over and over again the Senate report quotes reviewers chastising DHS officials for recording constitutionally protected activities and for publishing such reports. One reviewer wrote, “The number of things that scare me about this report are almost too many to write into this [review] form.” In some cases, DHS retained cancelled draft reports that may have contained information in violation of the Privacy Act for a year or more after the date of the reports’ cancellation. Worse, the intelligence officials responsible “faced no apparent sanction for their transgressions.”
While it’s commendable the Senate exposing these civil liberties violations, the problems detailed in the report are not new. Since the government started its various information sharing programs after 9/11, media organizations have extensively documented how, when they’re not being outright abused by local law enforcement, are overwhelmingly used for ordinary investigations that had nothing to do with terrorism. EFF has long warned that completely innocent Americans’ privacy has become collateral damage in the government’s thirst to collect more and more digital information on its own citizens.
Even DHS’ own internal audits of the fusion centers showed they didn’t work, according to the Senate report. The privacy disaster is also a boondoggle for taxpayers: DHS can’t account for much of the money it spent on the program, estimating they spent between $289 million and $1.4 billion—a discrepancy of more than $900 million dollars.
Despite these facts, Attorney General Eric Holder issued new guidelines in March for the National Counter Terrorism Center (NCTC) that dramatically expanded the NCTC’s information sharing powers. The NCTC can now mirror entire federal databases containing personal information and hold onto the information for ten times longer than they could before—even if the person is not suspected of any involvement in terrorism. Journalist Marcy Wheeler summed up the new guidelines at the time, saying, “So…the data the government keeps to track our travel, our taxes, our benefits, our identity? It just got transformed from bureaucratic data into national security intelligence.”
Now that the Senate’s Permanent Subcommittee on Investigations has issued this unusually harsh report lambasting the same type of information sharing centers, Eric Holder should also rescind his new data retention guidelines for NCTC counterterrorism centers until new safeguards are put in place. EFF also joins the ACLU’s call for full Congressional hearings on the DHS fusion centers. In fact, the government should issue a moratorium on all fusion centers until this problem is fixed. Local governments can also prevent their law enforcement agencies from participating.
While “information sharing” centers were sold to the American people as providing “a vital role in keeping communities safe all across America,” it’s clear all they’ve done is play a vital role in violating American’s civil liberties.
EFF has been fighting against the Trans-Pacific Partnership (TPP) intellectual property chapter for several years. This agreement poses a great risk to users’ freedoms and access to information on a global scale.
We have created this infographic to capture the most problematic aspects of TPP, and to help users, advocates and innovators from around the world spread the word about how this agreement will impact them and their societies. Right-click and save the image for the PNG file, or you can download the PDF version below.
We thank Lumin Consulting for working with us on this project.
- New Obama Scandal: The Trans-Pacific Partnership (constitutionclub.org)
- Australia, New Zealand an Canada Green parties concerned over Trans-Pacific Partnership (bikyamasr.com)
- Lori Wallach – Trans-Pacific Partnership: Under Cover of Darkness, a Corporate Coup Is Underway (prn.fm)
- Internet Users Again Shut Out of Secret TPP Negotiations (eff.org)
- NZ stands ground on Trans Pacific Partnership (computerworld.co.nz)
- Malaysia Rejecting TPP as Agreement Causes Political Turmoil in Australia (zeropaid.com)
The FAA has been adopting new rules to expand the use of small drones domestically, and by 2012 UAVs are expected to dominate the country’s airspace. Trevor Timm of the Electronic Frontier Foundation brings his take on whether Americans should worry about what law enforcement is doing.
- EFF Obtains FAA Documents Detailing Domestic Drone Use (blacklistednews.com)
- Revealed: 64 Drone Bases on American Soil (wired.com)
EFF Asks Court to Reject Stale State Secret Arguments So Case Can Proceed
San Francisco – Three whistleblowers – all former employees of the National Security Agency (NSA) – have come forward to give evidence in the Electronic Frontier Foundation’s (EFF’s) lawsuit against the government’s illegal mass surveillance program, Jewel v. NSA.
In a motion filed today, the three former intelligence analysts confirm that the NSA has, or is in the process of obtaining, the capability to seize and store most electronic communications passing through its U.S. intercept centers, such as the “secret room” at the AT&T facility in San Francisco first disclosed by retired AT&T technician Mark Klein in early 2006.
“For years, government lawyers have been arguing that our case is too secret for the courts to consider, despite the mounting confirmation of widespread mass illegal surveillance of ordinary people,” said EFF Legal Director Cindy Cohn. “Now we have three former NSA officials confirming the basic facts. Neither the Constitution nor federal law allow the government to collect massive amounts of communications and data of innocent Americans and fish around in it in case it might find something interesting. This kind of power is too easily abused. We’re extremely pleased that more whistleblowers have come forward to help end this massive spying program.”
The three former NSA employees with declarations in EFF’s brief are William E. Binney, Thomas A. Drake, and J. Kirk Wiebe. All were targets of a federal investigation into leaks to the New York Times that sparked the initial news coverage about the warrantless wiretapping program. Binney and Wiebe were formally cleared of charges and Drake had those charges against him dropped.
Jewel v. NSA is back in district court after the 9th U.S. Circuit Court of Appeals reinstated it in late 2011. In the motion for partial summary judgment filed today, EFF asked the court to reject the stale state secrets arguments that the government has been using in its attempts to sidetrack this important litigation and instead apply the processes in the Foreign Intelligence Surveillance Act that require the court to determine whether electronic surveillance was conducted legally.
“The NSA warrantless surveillance programs have been the subject of widespread reporting and debate for more than six years now. They are just not a secret,” said EFF Senior Staff Attorney Lee Tien. “Yet the government keeps making the same ‘state secrets’ claims again and again. It’s time for Americans to have their day in court and for a judge to rule on the legality of this massive surveillance.”
For the full motion for partial summary judgment:
For more on this case:
Electronic Frontier Foundation
Senior Staff Attorney
Electronic Frontier Foundation
As we’ve acknowledged before, our lives are increasingly contained on our digital devices, which makes travel—and the decisions we make about what to carry with us—increasingly complicated.
A recent case in which two young travelers to Israel were requested not simply to provide their laptops for arbitrary searches, but to log in to their e-mail accounts and allow Israeli officials to search through their e-mail for specific strings and correspondence highlights the increasing obstacles to privacy that travelers face, as well as the increasingly global nature of security theatre.
In that particular case, the two young women—both of Palestinian origin—complied with officials’ requests but were nonetheless detained overnight before being deported. In another, similar case, a U.S. citizen who refused access to her email was told she was probably hiding something and was refused entry to the country. Israeli security (Shin Bet) told a reporter that “the actions taken by the agents during questioning were within the organization’s authority according to Israeli law.”
Not unlike travelers to the U.S., travelers to Israel face serious privacy challenges at the border. The government generally has broad authority to search through your personal possessions, including your laptop, for any reason at all. When you cross the border to Israel, the Israeli government retains the authority to question you and examine your belongings, which it interprets as also allowing it to go through your electronic devices and computer files. More recently, authorities have also been known to demand user passwords to online accounts.
As we state in our guide to U.S. border searches:
For doctors, lawyers, and many business professionals, these border searches can compromise the privacy of sensitive professional information, including trade secrets, attorney-client and doctor-patient communications, research and business strategies, some of which a traveler has legal and contractual obligations to protect. For the rest of us, searches that can reach our personal correspondence, health information, and financial records are reasonably viewed as an affront to privacy and dignity and inconsistent with the values of a free society.
EFF recently asked Jonathan Klinger, an Israeli attorney, for his thoughts on the law and government practices that apply to searches at the Israeli border, and here is his analysis.
The Situation at the Israeli Border
At the Israeli border, there are some limited legal protections against the search itself. Based on a collection of experiences, however, it seems that mentioning these protections to border officials can be considered antagonism, and can limit your ability to enter Israel. Those concerned about the security and privacy of the information on their devices at the border should therefore use technological measures in an effort to protect their data. They can also choose not to take private data across the border with them at all, and then use technical measures to retrieve it from abroad.
There is, however, little to prevent a scenario in which one’s email is searched, as refusal to allow the search may result in deportation. With that in mind, concerned travelers should think ahead and review their online accounts before traveling.
Why Can My Devices Be Searched at the Border?
Article 7 of Israel’s Basic Statute of Human Dignity and Freedom1 states that every person is entitled to his privacy, and that his property may not be searched, apart from where it is required under legal authority. This generally means that the government has to show probable cause that a crime has been committed and get a warrant before it can search a location or item in which you have a reasonable expectation of privacy; moreover, a recent Supreme Court ruling stated that there is no such thing called consensual search,2 and where there is no probable cause, the state cannot rely on a person’s consent in order to search in his possessions. But searches at places where people enter or leave Israel are subject to different statutes. The two applicable statutes are the Aviation Act (Security in Civil Aviation), 19773and the General Security Service Act, 20024; the two acts altogether provide two different state authorities the right to search on a person’s body and in his property. However, they do not refer to computer searches at all.
The Aviation Act allows security personnel, police officers, soldiers and members of the civil defense forces to search at border crossings if “the search is required, in [the officer's] opinion, to keep the public’s safety or if he suspects that the person unlawfully carries weapons or explosives, or that the vehicle, the plane or the goods has weapons or explosives.”
Similarly, the General Security Service Act states that in order to prevent unlawful activities, secure persons or any other activity that the government authorized with the approval of the Knesset committee for the Shin Bet5 to perform, any employee of the Shin Bet (the service) may search a person’s body, property, baggage or other goods and collect information, as long as the person is present.
Only in extreme cases, where there is an object that needs to be seized for a vital role in the Shin Bet’s activity, can the Shin Bet also search without a person’s presence.
However, nothing in these acts authorizes computer searches. Recently, the Israeli Justice office proposed a new anti-terror bill,6 which is yet to pass through the legislative process. This Anti-Terror bill does request to correct the current General Security Service act to specifically state that computers may be searched.
How the Government Searches Devices at the Border
There are three government agencies primarily responsible for inspecting travelers and items entering Israel: the General Security Service (Shin Bet), The Customs Authority and the Immigration authority.
The law gives the Shin Bet and other officials a great deal of discretion to inspect items coming into the country. There is no official policy published in respect to border search of electronic devices and accounts. And when recently requested to comment, the Shin Bet stated that its acts are “according to law.”
Recently, the Israeli Foreign Ministry admitted that it used Facebook in order to create a blacklist of activists who were then—along with a number of uninvolved and mistakenly identified individuals—banned entry to the country amidst the Flytilla events. If you are active on one or more social networks and express opinions about Israel, you carry a greater risk of being profiled and selected for search.
Keep in mind that the Shin Bet can keep your computer or copies of your data for “the time required for the seizure.” There is no specific consideration regarding forensic practices and the ways that your computer files may be copied during the seizure. This is unlike the Israeli Criminal Procedure Order (Arrest and Search), 1969,7 which deals specifically with the forensic procedures of copying computer materials and requires two witnesses for any file duplication.
The Israeli Customs Authority, under Article 184,8 allows any customs official to search every person for contraband or drugs given probable cause. Moreover, the customs official may also request urine, blood or saliva samples and request persons to undress. However, nothing in the law allows them to search through computer materials.
In short, border agents have a lot of latitude to search electronic devices at the border or take them elsewhere for further inspection for a short period of time, whether or not they suspect a traveler has done anything wrong.
We do not have the exact numbers or methods of how such searches are handled, and the Shin Bet is exempt from the Israeli Freedom of Information Act.9; However, the frequency of technology-oriented searches at the border may increase in the future. Researchers and vendors are creating tools to make forensic analysis faster and more effective, and, over time, forensic analysis will require less skill and training. Law enforcement agencies may be tempted to use these tools more often and in more circumstances as their use becomes easier.
Travelers should consider taking the same precautions outlined in EFF’s guide to carrying digital devices across the United States border.
Our movie industry has created some memorable monsters on screen. But Hollywood, and the major music labels, also helped create a very real kind of monster – copyright trolls who coerce settlements from Internet subscribers using intimidation and our out-of-whack copyright laws. Last Friday, EFF Senior Staff Technologist Seth Schoen took the witness stand in AF Holdings v. Does to explain to a federal judge why BitTorrent users should be able to hold on to their constitutional rights when targeted by trolls. Although some courts have put the brakes on the trolls’ schemes, there’s no Hollywood ending in sight yet. As the entertainment industries continue to push for ever-stronger copyright through treaties, private agreements, Congress and state legislatures, it’s time to ask – how will Hollywood help protect us from the trolls?
The current crop of copyright trolls sue anywhere from 20 to 5,000 “John Doe” defendants in a single lawsuit, pinned to a list of Internet Protocol addresses that they claim to have seen downloading copyrighted movies using BitTorrent. Then, with the courts’ permission, they send subpoenas to Internet service providers for the names and addresses of subscribers. The trolls then send threatening letters, demanding settlement payments to “make this go away” or face being dragged into court – often in a faraway state. Over 200,000 U.S. residents have been caught up in these suits, with many undoubtedly settling simply to end the harassment.
The trolls are, of course, following a trail blazed by the major music labels through the Recording Industry Association of America. Beginning around 2003, they sued about 35,000 people, using the courts’ subpoena powers as a private investigation service to find names and addresses. The RIAA ended its lawsuit campaign in 2008, apparently realizing the damage that suing its own fans had done to the industry’s image.
It was perhaps inevitable that the vacuum would be filled by opportunists with no public image to protect. Since 2008, troll lawyers have sued about six times more people than the RIAA ever did, and pursued them even more aggressively, probably netting millions in settlements. Some have faced court settlements for cutting corners in court procedure, and one was even caught practicing law without a license. But this scheme wouldn’t be a viable business model without the draconian imbalances of U.S. copyright law and legal precedent that the entertainment industries and their lobbyists have pushed through Congress and the courts.
For starters, the statutory penalty for sharing even one copyrighted work – say one song – is as much as $150,000. It’s no surprise that many people choose to settle for several thousand dollars rather than risk a bankrupting court judgment – even if they broke no law. The entertainment industries insist that we need these gargantuan penalties to deter infringement, but the same “statutory damages” provisions are the knobby club in the hands of the trolls.
Then there’s the legal doctrine of “secondary liability.” The movie and recording industries are constantly pressing for broader liability for intermediaries, Internet sites and services, and makers of tools and software. Copyright trolls use these concepts to disregard actual copyright infringers and instead go after the owners of Internet accounts, who are often easier to find. The trolls suggest, using the rhetoric of secondary liability, that merely allowing others to use one’s Internet connection, or operating an open Wi-Fi node, makes one liable for any copyright infringement. This isn’t the law, but the trolls don’t warn their marks about that. Often, even those who understand secondary liability, or can afford hiring a lawyer, choose to pay a settlement for someone else’s alleged infringement rather than risk a lengthy and expensive trial, even if they would prevail.
Then there’s the very concept of lawsuits aimed at dozens or thousands of “John Doe” Internet account holders. Plaintiffs in these suits often group together Internet users from all over the country and obtain their identities from ISPs by court order. Doing this requires trampling on jurisdiction rules that keep people from being unfairly forced to defend themselves far from home, joinder rules that guarantee every defendant is treated as an individual, and the First Amendment, which gives us a right to communicate anonymously. The RIAA’s lawsuit campaign also disregarded these legal safeguards. After the RIAA opened this door, the trolls lumbered in.
Finally, the entertainment industries have spent decades, and millions of lobbying and advertising dollars, to promote the simple but flawed idea that if copyright law promotes creativity, then ever-more-extreme copyright law will promote even more. According to this philosophy, the importance of preventing even the most inconsequential copyright infringement justifies chilling free speech, unmasking anonymous Internet users, wholesale regulation of the Internet … and setting loose the trolls. This worldview was on full display at a hearing last week in the D.C. federal district court, when ISPs, assisted by the EFF, tried to quash subpoenas for Internet users’ identities. EFF’s Seth Schoen matched wits with pornography financier AF Holdings’s expert on the workings of BitTorrent and Internet forensics, and the plaintiff’s attorney defended his litigation tactics as an acceptable way to “stop piracy.”
Although there will always be people willing to use the legal system as part of a shakedown, copyright trolls are a monster created in Hollywood. Naturally, the entertainment industry’s spokespeople, lobbyists, and other mouthpieces don’t discuss how the laws, treaties, court precedents, and private enforcement agreements they spend millions to promote will be misused by opportunists. But when the next SOPA, PIPA, ACTA, TPP, graduated response agreement, or state-level copyright bill comes along, let’s ask Hollywood and its allies how they plan to keep trolls confined to the big screen.
- ISPs Ask Judge To Quash Subpoena In Troll Case — Or Let Them Appeal (eff.org)
- EFF Backs ISPs in Battle to Quash Copyright Troll Subpoenas (eff.org)
- Copyright-trolls: mind your own extra-judicial business, court says (arstechnica.com)
- Die, Troll, Die (wired.com)
- Judge rejects copyright trolls’ BitTorrent conspiracy theory (arstechnica.com)