Tag Archives: privacy

ARL Joins Amicus Brief in Surveillance Case, Wikimedia v. NSA

On September 3, 2015, ARL joined an amicus brief with other library associations and bookseller associations in Wikimedia v. NSA, a case that challenges warrantless surveillance.  The amicus brief, authored by the Electronic Frontier Foundation, was also signed on to by the American Booksellers Association, the American Library Association, the Freedom to Read Foundation, and the International Federation of Library Associations and Institutions.

The brief explains that the First Amendment is a broad guarantee that includes the ability to distribute and receive information, and to freely and privately associate.  Libraries have long advocated for and protected patron privacy, and the brief points out the importance of patron confidentiality including in the digital age.

The brief points out that protecting reader privacy is critical:

Providers of books and reading material such as libraries and booksellers are often uniquely positioned to assert readers’ First Amendment rights. Readers change or curtail their reading if they fear government scrutiny of their behavior, especially where the intrusion concerns reading material that is personally embarrassing, politically controversial, or otherwise revealing.

[…]

The resulting inhibition of expressive activity is not hypothetical: patrons care deeply about their intellectual privacy and avoid situations where they cannot preserve it. In Subpoena to Kramerbooks, the D.C. district court found that as a result of a grand jury subpoena for a patron’s book purchases, “[m]any customers have informed Kramerbooks personnel that they will no longer shop at the bookstore because they believed Kramerbooks to have turned documents over . . . that reveal a patron’s choice of books.” 26 Media L. Rep. (BNA) at 1601. Similarly, when the owner of the Tattered Cover bookstore challenged a search warrant for a customer’s purchase history, she testified she received an “‘enormous amount of feedback’ from customers about this case, including over one hundred letters from customers in support of the Tattered Cover’s position.” Tattered Cover, 44 P. 3d at 1050.

Additionally, the brief notes the rise in digital communications and interactions.  It emphasizes that the First Amendment rights apply in the digital world:

Just as libraries and booksellers have standing to challenge law enforcement access to patron records in the physical world so, too, do they have standing to challenge unwarranted access to digital records. Just as government intrusion on the freedom of inquiry causes First Amendment injury in the physical world so, too, does government surveillance cause injury in the digital world . . . By sweeping in and searching vast amounts of Internet traffic, upstream surveillance encroaches on the sensitive interactions between libraries and booksellers and their patrons—interactions that, as shown above, these entities have historically taken great pains to protect.

The full brief can be accessed here.

 

New Advocacy and Policy Update: August 14, 2015

A new ARL Advocacy and Policy Update, covering mid-June to mid-August is now available here.  Prior updates can be accessed here.

The summary and contents from the current Advocacy and Policy Update are reproduced below:

Summary

The US House of Representatives began the summer recess on July 30th, and the US Senate adjourned on August 6th with both reconvening on September 8th. September and October promise to be very busy months as both chambers must act on the FY 2017 appropriations bills, highway trust fund, debt ceiling, and many other issues. It is also hoped that there will be a deal to increase the spending limits under sequestration, which higher education institutions and others have long advocated for.

Much of the activity related to copyright has centered around the Copyright Office. Congressional offices continue to explore and discuss ways to modernize the Copyright Office, including various proposals to move the Copyright Office out of the Library of Congress. Additionally, the Copyright Office has issued notices of inquiries that relate to orphan works, mass digitization, visual works, and extended collective licensing.

There have been positive developments with respect to open access, open educational resources, and open data. The Obama Administration released science and technology priorities for FY 2017, which note that “preserving and improving access to scientific collections, research data, other results of federally funded research, open datasets and open education resources should be a priority for agencies.” The FASTR Bill to enhance public access to research was approved unanimously by the US Senate Committee on Homeland Security and Governmental Affairs.

Privacy and surveillance concerns continue as Congress is considering cybersecurity legislation that raises serious issues for privacy and civil liberties. Litigation around net neutrality is in full swing, with the briefs of telecommunications companies opposing the FCC’s net neutrality rules filed in July.

Finally, ARL continues to promote a simple and quick ratification of the Marrakesh Treaty. Currently, 10 countries have ratified the Treaty, and 10 more are needed for it to enter into force.

Contents

Copyright and Intellectual Property

  • Proposal to “Modernize” the Copyright Office
  • Copyright Office Notice of Inquiry on Visual Works
  • Copyright Office Notice of Inquiry on Mass Digitization and Extended Collective Licensing
  • House Judiciary Committee’s Copyright Review

Open Access, Open Educational Resources, and Open Data

  • Obama Administration Releases Science and Technological Priorities for FY 2017
  • Coalition Calls on White House to Open Up Access to Federally Funded Educational Resources
  • FASTR Bill to Enhance Public Access to Research Approved by US Senate Committee
  • National Technical Information Service (NTIS)

Update Appropriations

Draft Bill Would Eliminate NHPRC

Privacy and Surveillance

  • Cybersecurity Legislation
  • Electronic Communications Privacy Act Reform

Telecommunications

  • Net Neutrality Litigation

International Treaties

  • Trans-Pacific Partnership Agreement
  • Marrakesh Treaty

Coalition Asks President Obama to Pledge to Veto Cybersecurity Information Sharing Act (CISA)

Congress is currently considering the Cybersecurity Information Sharing Act of 2015 (CISA, S. 754), a bill that has serious implications for privacy and civil liberties.  While the bill purportedly is designed to strengthen cybersecurity, it contains significant flaws.  On Monday, July 27, ARL joined a coalition of organizations and security experts in sending a letter to President Obama asking for a pledge to veto CISA due to these concerns:

  • CISA fails to protect personal information.  CISA allows the sharing of vast amounts of personal data to be shared with government agencies.  It allows the sharing of personal and identifying information as a default measure.
  • CISA allows the use of information in investigations unrelated to cybersecurity.  CISA also allows for governments to use cyber threat indicators to investigate a wide range of crimes, including those that are not related to cybersecurity, such as robbery, arson, or trade secret violations.
  • CISA fails to maintain civilian control of domestic cybersecurity.  CISA would permit companies that operate in the civilian sector to share cyber threat indicators with any agency of the federal government, raising serious privacy concerns.
  • CISA permits countermeasures that could damage networks.  CISA would allow companies to deploy “defensive measures” or “countermeasures” that could damage networks that belong to innocent bystanders, even when they would otherwise be illegal under the Computer Fraud and Abuse Act.
  • CISA raises additional transparency concerns.  CISA would create a new exemption to the existing list of nine exemptions under the Freedom of Information Act (FOIA).

 

ARL Applauds Senate on Passage of USA FREEDOM Act

ARL is pleased that the Senate has passed the USA FREEDOM Act, without weakening provisions that protect privacy and civil liberties.  The USA FREEDOM Act prohibits the bulk collection that had been practiced by the National Security Agency and restores essential civil liberties. Passage of this bill is the first step forward in meaningful surveillance reform.  ARL looks forward to working with Congress on continued reforms to protect privacy and civil liberties.

Three Provisions of the PATRIOT Expire; Senate to Vote on USA FREEDOM Act This Week

*Edited to include a link to the Center for Democracy and Technology (CDT) in-depth analysis of Senator McConnell’s proposed amendments to the USA FREEDOM Act*

Today, three key provision of the PATRIOT Act expired, including Section 215, known as the “library records” or “business records” provision.  While the Senate voted 77-17 on late Sunday evening — just hours prior to the midnight expiration of Section 215 and other provisions — to move forward with a vote on the USA FREEDOM Act, a final vote will not come until later this week due to Senate rules requiring additional time for debate.  Senator Paul’s (R-KY) earlier filibuster of the USA FREEDOM Act, which he argued did not go far enough in protecting privacy and civil liberties, delayed the process enough to result in at least temporary sunset of three provisions of the PATRIOT Act.

Section 215 has been used by the National Security Agency (NSA) to conduct mass surveillance, including bulk collection of phone metadata.  The Second Circuit recently ruled that this bulk collection exceeded the authority granted by Section 215.

While the Senate will hold a vote on the USA FREEDOM Act later this week, passage in its current form is not assured.  Majority Leader McConnell (R-KY) has introduced four amendments, all of which would weaken the USA FREEDOM Act.  These amendments would 1) extend the transition period for agency compliance with the USA FREEDOM Act from 6 months to 12 months; 2) replaces the section creating an amicus curiae to the FISA court with one that is less effective; 3) substitute the USA FREEDOM Act in its current form, including a new notice requirement for data retention for companies that intend to retain call detail records for less than 18 months and; 4) substitute the USA FREEDOM Act with all of the above changes and also removes the provision regarding declassification of FISA court opinions.  The third and fourth amendments are complete substitutes of the House-passed version of the USA FREEDOM Act, essentially re-writing the bill with substantial amendments.  CDT has a great in-depth explanation of each amendment here.

Should any of these amendments be accepted, the House of Representatives would need to accept these changes before the bill can be sent to President Obama.  A number of Representatives have already criticized the USA FREEDOM Act as not going far enough to protect privacy and civil liberties and Senator McConnell’s amendments could be rejected in the House.

Efforts to weaken the USA FREEDOM Act, such as those advanced by Senator McConnell, should not be accepted.  The USA FREEDOM Act should be considered to be the bare minimum in a series of reforms to the NSA’s surveillance practices and efforts to change the bill should focus on strengthening, rather than weakening, protections for privacy.  Now that Section 215 and other provisions of the PATRIOT Act have expired, Congress must carefully consider what authorities it wants to grant the NSA and other federal agencies.  Congress is no longer considering extension or reauthorization of existing powers, but will be granting authority to federal agencies once again.  In doing so, ARL urges members of Congress to protect privacy and civil liberties in a meaningful way and ensure that the key protections advanced by the USA FREEDOM Act are not diminished.

ARL Joins Coalition Letter Opposing Two Flawed Surveillance Reform Bills

On Thursday, May 28, 2015, ARL joined a coalition of 51 companies, trade associations and civil society organizations to oppose the FISA Improvements Act of 2015, introduced by Senator Burr (R-NC), and the FISA Reform Act of 2015, introduced by Senator Feinstein (D-CA).  While these bills have been called a “backup plan” if the USA FREEDOM Act is not passed, it is clear that the two bills do not adequately address current surveillance practices and fail to protect privacy and civil liberties.

The letter points out that both bills fail to stop domestic bulk collection and would authorize a government-imposed data retention mandate on private businesses.  It also notes

. . . the FISA Improvements Act would permit domestic bulk collection b leaving unchanged the FISA Pen Register/Trap and Trace law, which was used for years to collect Internet metadata in bulk.  The bill explicitly leaves Section 215 of the PATRIOT Act unchanged for two years, despite recent public assurances by the NSA Director that a transition period longer than 180 days is not necessary.  In addition to this, the bill contains provisions that weaken whistleblower protections, expand surveillance power by granting the FBI The authority to obtain electronic communication transaction records without a court order, and make permanent provisions of the Patriot Act that are currently tied to a sunset date.

The letter concludes:

Section 215 of the PATRIOT Act is set to expire at 12:00am on June 1.  No legislation has passed the Senate, despite a clear demand for surveillance reform.  These proposals are unviable, ineffective and do not offer a path forward.  We strongly urge against consideration of the FISA Improvements Act or the FISA Restoration and Reform Act.

The Center for Democracy and Technology (CDT) has great one-pagers explaining the flaws of Senator Burr’s bill and Senator Feinstein’s bill.

Court of Appeals Issues Landmark Ruling Against NSA Bulk Collection Practices

On May 7, 2015, the Court of Appeals for the Second Circuit ruled on the legality of the National Security Agency’s (NSA) bulk collection of telephone metadata. In a unanimous opinion, the court ruled that the NSA’s bulk collection of telephone records exceeds the authority granted under Section 215 of the USA PATRIOT Act, also known as the “library records” or “business records” provision.

The Second Circuit begins by recognizing that while telephone metadata does not reveal the content of the calls, this fact “does not vitiate the privacy concerns arising out of the government’s bulk collection of such data’ which can reveal a “startling amount of detailed information.” Telephone metadata

might reveal that an individual is: a victim of domestic violence or rape; a veteran; suffering from an addition of one type or another; contemplating suicide; or reporting a crime. Metadata can reveal civil, political, or religious affiliations; they can also reveal an individual’s social status, or whether and when he or she is involved in intimate relationships.

The court also notes that the more metadata collected, the more it can reveal private information.

The court then turned to the facts of the case and summarized the background of the NSA’s bulk collection practices. The NSA has conducted bulk collection of telephone metadata under Section 215 since at least May 2006. The government had collected the data and made “queries” on particular phone numbers that it believed to be associated with a foreign terrorist organization, as well as three “hops,” meaning that the contacts of the contacts of contacts of the original number queried were also looked at. In January 2014, the government limited the number of “hops” from three to two. Additionally, the government required a Foreign Intelligence Service Act Court (FISC) to make a determination that a reasonable articulable suspicion standard had been met, rather than allowing designated NSA officials to determine whether this suspicion existed. The Privacy and Civil Liberties Oversight Group concluded in a 2014 report that the NSA’s program “was inconsistent with §215, violated the Electronic Communications Privacy Act, and implicated privacy and First Amendment concerns.”

After finding that the plaintiffs in the case had standing and the court was not precluded from hearing the case, the Second Circuit turned to the merits of the case and focused on the argument that the program exceeded the authority granted to the government by Section 215.

Section 215 permits the government to apply for “an order requiring the production of any tangible things” provided that they are “relevant to an authorized investigation (other than a threat assessment) . . . to protect against international terrorism or clandestine intelligence activities.” The Second Circuit ruled that while Section 215 “sweeps broadly,” the NSA practices ignore the provision’s statutory limits.

First, while the Second Circuit agreed that the “relevance” standard is generous and Section 215’s use of the term is analogous with the term “relevance” used in the context of a grand jury subpoena, this term is not without its limits. With the NSA’s current bulk collection practices, “The records demanded are all-encompassing; the government does not even suggest that all of the records sought, or even necessarily any of them, are relevant to any specific defined inquiry.” The government argued that the records are “relevant” because they may allow the NSA to identify information that is relevant in the future, but “such an expansive concept of ‘relevance’ is unprecedented and unwarranted.” The court summarizes the government’s argument that “there is only one enormous ‘anti-terrorism’ investigation and that any records that might ever be of use in developing any aspect of that investigation are relevant to the overall counterterrorism effort.”

The Second Circuit points out that warrants and subpoenas for other programs are limited to particular individuals or corporations under investigation as well as specific time periods in stark contrast to the NSA’s program which do not have similar limits:

The records demanded are not those of suspects under investigation, or of people or businesses that have contact with such subjects, or of people or businesses that have contact with others who are in contact with the subjects – they extend to every record that exists, and indeed to records that do not yet exist, as they impose a continuing obligation on the recipient of the subpoena to provide such records on an ongoing basis as they are created. The government can point to no grand jury subpoena that is remotely comparable to the real-time data collection undertaken under this program.

The Second Circuit further notes that term relevant “does not exist in the abstract” and that “§215 does not permit an investigative demand for any information relevant to fighting the war on terror, or anything relevant to whatever the government might want to know.” Instead, it applies only to documents “relevant to an authorized investigation.” Allowing the NSA’s practices to proceed would “require a drastic expansion of the term ‘relevance.’”

Section 215 not only limits collections to what is relevant to an authorized investigation, but also provides that such investigation must not be a “threat assessment.” Thus, the court states, “Congress clearly meant to prevent §215 orders from being issued where the FBI, without any particular, defined information that would permit the initiation of even a preliminary investigation sought to conduct an inquiry to identify a potential threat in advance.” The NSA’s practices are “‘irreconcilable with the statute’s plain text.’”

Turning to the argument that Congress “ratified” the NSA’s practices by reauthorizing Section 215 in 2010 and 2011, the court noted that “Congressional inaction is already a tenuous basis upon which to infer much at all, even where a court’s or agency’s interpretation is fully accessible to the public . . .But here, far from the ordinarily publicly accessible judicial or administrative opinions that the presumption contemplates, no FISC opinions authorizing the program were made public prior to 2013.” Thus, “Congress cannot reasonably be said to have ratified a program of which many members of Congress – and all members of the public – were not aware.” The Second Circuit rejected the argument that Congress “ratified” the bulk collection practices because “these circumstances would ignore reality . . . it is a far stretch to say that Congress was aware of the FISC’s legal interpretation of §215 when it reauthorized the statute in 2010 and 2011.”

Finding that the program was not permitted under Section 215, the Second Circuit declined to rule on whether the NSA’s bulk collection also violated the Fourth Amendment. The court does, however, point to the “seriousness of the constitutional concerns.” It also notes that Congress has been debating the program and that a new version of the USA FREEDOM Act has been introduced into the U.S. House of Representatives and Senate but, “we do not purport to express any view on the constitutionality of any alternative version of the program.”

 

ARL Opposes Senator McConnell’s Bill to Reauthorize Section 215 “Library Records” Provision

On April 21, 2015, Senate Majority Leader Mitch McConnell (R-KY) and Senate Select Intelligence Committee Chairman Richard Burr introduced S.1035, a bill that would extend Section 215 of the USA PATRIOT Act, also known as the “library records” or “business records” provision, through 2020. The bill would not make any reforms to Section 215 and is a pure reauthorization of this provision that is set to expire on June 1, 2015.

Section 215 has been used by the National Security Agency (NSA) to conduct mass surveillance, including the bulk collection of phone records. ARL, as well as many other organizations, have urged Congress and the Administration to pass reform that protects privacy and civil liberties. Minimum components to meaningful surveillance reform require ending bulk collection practices.

The upcoming expiration of Section 215 provides the opportunity to address the serious infringement on civil liberties caused by mass surveillance. Rather than endorsing and extending these practices for another five years, Congress should end bulk collection of records.

ARL Joins Letters to House and Senate Expressing Concerns Over Cybersecurity Bills

On April 20, 2015, ARL joined a coalition of 36 privacy and civil liberties organizations and 19 security experts and academics raising concerns regarding the Protecting Cyber Networks Act (PCNA, H.R. 1560) and the Cybersecurity Information Sharing Act of 2015 (CISA, S.754).  The letters urge members of Congress to oppose these bills because the proposed legislation, “threatens privacy and civil liberties, and would undermine cybersecurity, rather than enhance it.”

With respect to PCNA, the letter raises the following concerns that the legislation:

  • Authorizes companies to significantly expand monitoring of their users’ online activities and permits sharing of vaguely defined “cyber threat indicators” without adequate privacy protections prior to sharing.
  • Requires federal entities to automatically disseminate to the NSA all cyber threat indicators received, including personal information about individuals.
  • Authorizes overbroad law enforcement that goes far outside the scope of cybersecurity
  • Authorizes companies to deploy invasive countermeasures or “defensive measures.”

The CISA letter raises the same four concerns above, but also raises additional issues that the legislation:

  • Permits companies to share cyber threat indicators, which may include information about innocent individuals, directly with the NSA.
  • Authorizes companies to deploy countermeasures or “defensive measures” that could damage data and computer systems of innocent third parties who did not perpetrate the threat.  The CISA bill would potentially cause greater harm than PCNA with respect to this point because it specifically authorizes “negligent use of defensive measures that could cause significant, though not substantial harm to a third party’s information system.”

 

Recent Developments on UN Special Rapporteurs: copyright policy; privacy in the digital age

There have been two recent developments regarding UN Special Rapporteurs in the last month relevant to issues of copyright and privacy.  First, UN Special Rapporteur in the filed of cultural rights, Farida Shaheed, presented her report on Copyright policy and the right to science and culture to the Human Rights Council on March 11, 2015.  Then, on March 26, 2015, the Human Rights Council voted to establish a new UN Special Rapporteur on the right to privacy in the digital age.  Below are some highlights from Shaheed’s report.

Copyright policy and the right to science and culture

Shaheed’s report on copyright policy contains many positive aspects, specifically emphasizing the importance of access to knowledge and noting the problems that may arise in promoting such access because of high copyright protections.

In discussing copyright policy, the report draws a line between human authors and corporate rights holders, noting that authors may sell their copyright interests to a corporation.  However, corporate rights holders “economic interests do not enjoy the status of human rights.  From the human rights perspective, copyright policy and industry practices must be judged by how well they serve the interests of human authors, as well as the public’s interest in cultural participation.”  Furthermore, “Corporate rights holders with immense financial resources and professional sophistication are typically better positioned to influence copyright policymaking, and may even claim to speak for authors in copyright debates.  Unfortunately, the material interests of corporate rights holders do not always coincide with those of authors.”

Shaheed points to the importance of a balanced copyright system that takes into account limitations and exceptions:

Designing copyright law to promote the material interests of authors requires nuance.  “Stronger” copyright protection does not necessarily advance the material interests of creators.  Exceptions and limitations often support creators’ material interests b offering opportunities for statutory licensing income or the possibility of relying in part on the work of other artists in a new work or performance.  An  appropriate balance is crucial, recognizing the creators are both supported and constrained by copyright rules . . .

[ . . . ]

Copyright exceptions and limitations — defining specific uses that do not require a licence from the copyright holder — constitute a vital part of the balance that copyright law must strike between the interests of rights-holders in exclusive control and the interests of others in cultural participation.  Copyright exceptions and limitations have rarely been the topic of international norm-setting, hence State practice varies significantly.

The report notes that limitations and exceptions can: empower new creativity, expand educational opportunities, and expand non-commercial culture.

Additionally, the report notes that “A human rights perspective . . . requires that the potential of copyright exceptions and limitations to promote inclusion and access to cultural works, especially for disadvantaged groups, be fully explored,” for example the 2013 WIPO Marrakesh Treaty to Facilitate Access to Published Works for Persons Who are Blind, Visually Impaired or Otherwise Print Disabled.

The report also points out that flexible limitations and exceptions can adapt to new circumstances and changing technologies:

A few countries have a more expansive and flexible exception or limitation, commonly referred to as “fair use.”  Such provisions authorize courts to adapt copyright law to permit additional unlicensed uses that comply with general standards of fairness to creators and copyright holders.  For example, the fair use doctrine in the United States encompasses protection for parody and certain educational uses.  It has also been interpreted to permit a search engine to return thumbnail-sized images as part of its search results and to protect technology manufacturers from liability where consumers record a television show to watch later.  Most States do not have such broad and flexible exceptions and limitations; instead each specific type of allowable use is listed in the statute.  While enumerated provisions may provide greater clarity regarding permitted uses, they may also fail to be sufficiently comprehensive and adaptable to new contexts.

Shaheed’s report also discusses the importance of open licensing, such as the Creative Commons license, and notes that “Open access publishing is emerging as a significant alternative model for disseminating scientific knowledge.”

The report also notes the “democratic deficit in international policymaking on copyright,” pointing to the lack of transparency in, for example, the negotiations of the Trans-Pacific Partnership Agreement (TPP).  These discussions happen “without benefit of public participation and debate.”  While Shaheed points out that WIPO treaty negotiations are more transparent, “Regardless of the forum, concern is often expressed that powerful parties may use international rule-making to restrict domestic policy options, advancing private interests at the expense of public welfare or human rights.”

The report concludes with 28 recommendations including, for example:

  • Ensuring that international intellectual property agreements, including trade agreements, are negotiated in a transparent manner.
  • Encouraging states to create limitations and exceptions, including without remuneration “in particular in contexts of income disparity, non-profit efforts, or undercapitalized artists, where a requirement of compensation might stifle efforts to create new works or reach new audiences”
  • Ensuring that exceptions and limitations are not overridden by contracts or impaired by technological protection measures
  • Supporting a WIPO instrument on exceptions and limitations for libraries and education and/or an international fair use provision
  • Promoting open access scholarship and open educational resources, including through government subsidized support (“States should redirect financial support from proprietary publishing models to open publishing models”) and ensuring that public and private universities as well as public research institutions adopt open access, particularly through adoption of Creative Commons licenses
  • Ratifying the Marrakesh Treaty to Facilitate Access to Published Works for Persons Who are Blind, Visually Impaired, or Otherwise Print Disabled
  • Providing alternatives to criminal sanctions and blocking of contents/websites for copyright infringement

UN Special Rapporteur on the right to privacy in the digital age

The newly created UN Special Rapporteur on the right to privacy in the digital age was approved by resolution A/HRC/28/L27 and will have an initial 3-year mandate and will “report on alleged violations, wherever they may occur, of the right to privacy, as set out in article 12 of the Universal Declaration of Human Rights and article 17 of the International Covenant on Civil and Political Rights, including in connection with the challenges arising from new technologies, and to draw the attention of the Council and the High Commissioner to situations of particular serious concern.”  The Special Rapporteur will be appointed in June, approximately two years after leaks revealed the mass surveillance and bulk collection practices of the NSA.