EFF Explains Google Street View Ruling And What It Means for Researchers And Cops

This post, written by staff attorney Hanni Fakhoury, was originally published on the EFF website on Monday.

Is a Wi-Fi signal the equivalent of an FM radio station, blasting classic rock ballads through your car speakers?

Not to the Ninth Circuit Court of Appeals, which issued its long awaited decision in Joffe v. Google this week, the case where Google was sued for allegedly violating the Wiretap Act when its Street View cars sucked up data from wireless routers as it passed by.

The Background

Google’s Street View feature allows users to see photographs of specific addresses on a Google map. To generate these pictures, Google deployed a fleet of cars with cameras mounted on top of their roofs to drive across the world and take pictures of everything it could. From 2007 to 2010 Google also equipped these cars with antennas and software that were capable of scanning wireless routers nearby in order to capture information like the network’s name, a router’s MAC addresses and whether a Wi-Fi network was encrypted or not.

Google did this to enhance the accuracy and precision of its location based services. But it also captured “payload data,” or the actual data transmitted through the Wi-Fi networks, including emails, usernames, passwords and more. After Google was criticized for the collection it apologized for the program in 2010, grounded the cars and has been ordered to delete the data in some countries.

The Lawsuit and the Law

Numerous class action lawsuits were filed against Google in 2010, claiming the company had violated federal and state wiretap laws by collecting this data. Although the Wiretap Act generally prohibits the interception of electronic and wire communications, Google moved to dismiss the case, arguing it didn’t violate the law because its collection of the data was permitted under an exception to the Wiretap Act. Under 18 U.S.C. § 2511(2)(g)(i), the interception of an “electronic communication” that “is readily accessible to the general public” is permitted.

This is really two related exceptions. The first covers electronic communications that are “readily accessible to the general public.” For example, a message posted on a public message board. The second exception comes from the definition of “readily accessible to the general public” in 18 U.S.C. § 2510(16)(a), which includes an unencrypted “radio communication.” In essence, an unencrypted radio communication is always considered to be “readily accessible to the general public.” So you can tune the radio in your car to any station without being guilty of wiretapping.

Google ultimately argued that its collection of the unencrypted Wi-Fi traffic was legal under the Wiretap Act for two reasons; first because unencrypted Wi-Fi signals are a “radio communication” which by definition is “readily accessible to the general public.” And second, even if it wasn’t a “radio communication,” it was an electronic communication that in practice was “readily accessible to the general public.”

Unfortunately, the Wiretap Act doesn’t more specifically define what “radio communication” means and so the trial court had to resolve whether Wi-Fi signals are in fact what Congress meant by “radio communications” or not.

The lower court, after all the cases were consolidated, ultimately denied Google’s motion, finding that unencrypted Wi-Fi signals weren’t “radio communications,” but rather electronic communications. It then rejected Google’s fallback argument, finding that unencrypted Wi-Fi signals aren’t “readily accessible to the general public.”

The Ninth Circuit agreed with the trial court. On the “radio communication” issue, the appellate court ruled that Congress meant a “radio communication” to mean a “predominantly auditory broadcast” like an AM/FM or CB radio broadcast. Because data sent over a Wi-Fi signal isn’t auditory, the Court held that it was not a “radio communication” under the Wiretap Act, regardless of whether a wireless access point used radio frequencies to communicate.

Having found that the “radio communication” exception didn’t apply, it also rejected Google’s second argument that unencrypted Wi-Fi signals are “readily accessible to the general public.” The Court noted that unlike, for example, an FM radio station which could broadcast for miles, Wi-Fi signals are “geographically limited and fail to travel far beyond the walls of the home or office where the access point is located.” In addition, the Court reasoned Wi-Fi signals aren’t “accessible” because capturing them “requires sophisticated hardware and software” and “most of the general public lacks the expertise to intercept and decode payload data transmitted over a Wi-Fi network.” As a result, the lawsuit against Google will now continue.

The Good and The Bad

First, the bad. If you’re a security researcher in the Ninth Circuit (which covers most of the West Coast) who wants to capture unencrypted Wi-Fi packets as part of your research, you better call a lawyer first (and we can help you with that). The Wiretap Act imposes both civil and serious criminal penalties for violations and there is a real risk that researchers who intentionally capture payload data transmitted over unencrypted Wi-Fi—even if they don’t read the actual communications —may be found in violation of the law. Given the concerns about over-criminalization and overcharging, prosecutors now have another felony charge in their arsenal.

On the other hand, the decision also provides a strong argument that the feds and other law enforcement agencies that want to spy on data transmitted over unencrypted Wi-Fi will need to get a wiretap order to do so. We’ve seen the government use a device called a “moocherhunter” without a search warrant to read Wi-Fi signals to figure out who’s connecting to a particular wireless router. This decision suggests that to the extent the government uses a device like this (or even a “stingray” to the extent it can capture Wi-Fi signals) to capture payload data —even if just to determine a person’s location—they’ll need a wiretap order to do so. That’s good news since wiretap orders are harder to get than a search warrant.

It’s doubtful this will be the last word; lower courts have disagreed with each other and the Ninth Circuit is the first appellate court to rule on the tricky issue. We’ll be following the cases closely to especially see how the government interprets the decision, both to see whether it prosecutes security researchers and whether it gets a wiretap order to use its exotic surveillance tools.

A Cheat Sheet To Congress’ NSA Spying Bills

This post, by Policy Analyst and Legislative Assistant Mark M. Jaycox, originally appeared on the Electronic Frontier Foundation website on Sept. 11.

The veil of secrecy around the government’s illegal and unConstitutional use of both Section 215 of the Patriot Act and Section 702 of the Foreign Intelligence Surveillance Act (FISA) is being lifted. As a result, Congress has seen a flurry of legislation to try and fix the problems; however, as we’ve been saying since June there are far more questions than answers about the spying. And Congress must create a special investigative committee to find out the answers. Right now, the current investigations are unable to provide the American public with the information it needs.

For now, here’s a quick summary of the bills in Congress drafted after the June leaks that have a chance to go forward. They try to fix Section 215 of the Patriot Act, curtail the secret law being created by the surveillance court overseeing the spying (the Foreign Intelligence Surveillance Court, or FISA court), and change how the FISA court operates. Unfortunately, there is no bill in Congress with prospects of moving forward that tackles Section 702 of FISA — the section used for PRISM.

Quick Links:

Section 215 Bills:

Senator Patrick Leahy: The FISA Accountability and Privacy Protection Act of 2013

Representatives John Conyers and Justin Amash: The LIBERT-E Act

Ending Secret Law:

Representatives Adam Schiff and Todd Rokita: The Ending Secret Law Act

Corporate Disclosure:

Senator Al Franken: The Surveillance Transparency Act of 2013

Representatives Rick Larsen and Justin Amash: The Government Surveillance Transparency Act of 2013

Restructuring the FISA Court:

Senator Richard Blumenthal: The FISA Court Reform Act of 2013 and the FISA Court Judge Selection Reform Act

Representative Adam Schiff: The Presidential Appointment of FISA Court Judges Act

Representative Steve Cohen: The FISA Court Accountability Act

Section 215 Bills

Here are the bills that focus on trying to fix Section 215 of the Patriot Act:

Senator Patrick Leahy: The FISA Accountability And Privacy Protection Act Of 2013

Leahy’s bill is an overarching bill that includes language to try and stop mass spying, increase the number of reports about the spying and publicly disclose the secret law supposedly justifying the programs. The bill makes sure a Section 215 order must include “specific and articulable facts” that the information is relevant to an investigation and that the order “pertains to” an individual. It’s a good start; however, with the released Administration White Paper, the Leahy language doesn’t look strong enough to stop the abusive use of Section 215. Leahy has said that he will continue to refine the bill as it moves forward. This is good news, as a bill from Senators Mark Udall and Ron Wyden’s uses similar language.

Representatives John Conyers And Justin Amash: The LIBERT-E Act

Conyers and Amash present one of the few Section 215 fixes in the House of Representatives with the potential to move forward. Similar to Senator Leahy’s bill, the bill by Conyers and Amash mandates every order include “specific and articulable facts.” But the bill is also more specific: It adds that an order must “pertain only to an individual” under investigation. Other bills introduced to stop the abuse of Section 215 include bills by Representative Dennis Ross and Representative Michael Fitzpatrick. Both are similar to Conyers’ and Amash’s bill, except that Fitzpatrick includes a requirement that the records sought are “material” to an investigation. Representative Rush Holt also has a bill completely repealing Section 215 and Section 702.

Lastly, Representatives Jim Sensenbrenner and Zoe Lofgren have also announced they plan to propose legislation tackling many of the issues brought forward by the June leaks. Both representatives have been at the forefront of fighting against the Administration’s use of Section 215 to obtain innocent Americans’ calling information, and the Electronic Frontier Foundation is excited to see what they come up with.

Ending Secret Law

Currently, almost all of the decisions and orders by the secret FISA court are unknown to the public. The bills by Leahy, Udall, Merkley Conyers all have sections that create processes for the release of the secret law supposedly justifying the NSA’s programs. But there are also bills in Congress solely dedicated to disclosing the opinions:

Representatives Adam Schiff And Todd Rokita: The Ending Secret Law Act

The bill by Schiff and Rokita compels the Attorney General to release all decisions, orders and opinions with significant legal interpretations of the law. All opinions submitted to Congress before enactment must be released within 180 days, and all opinions submitted to Congress after enactment must be released within 45 days. If the Attorney General decides the opinions cannot be released due to national security, then he must release a summary of the decision. The same bill was introduced in the Senate by Senators Jeff Merkley and Mike Lee, and also in the House by Representative Sheila Jackson-Lee.

Corporate Disclosure

Senator Al Franken: The Surveillance Transparency Act Of 2013

There are also bills allowing companies to disclose further details any secret FISA order they receive for customer information. For instance, Franken’s Surveillance Transparency Act of 2013 requires the government to provide more reports to Congress and the public about its use of the Foreign Intelligence Surveillance Act, how many orders were filed and how many individuals it impacted. The bill also ensures companies can disclose similar information every six months.

Representatives Rick Larsen And Justin Amash: The Government Surveillance Transparency Act Of 2013

A bill by Larsen and Amash also seeks to increase reporting on how the government uses FISA. The bill, HR 2736, requires in aggregate numbers the number of orders the government filed using the Foreign Intelligence Surveillance Act, the number of people impacted by the orders and a general description of the information sought by the order.

Restructuring The FISA Court

Lastly, there are bills that seek to reorganize the FISA court. Currently, the judges on the court are selected by the Chief Justice of the Supreme Court. The court is also one-sided: When the government requests the calling information for every American, there is no one to argue against it. There are quite a few bills that seek to restructure and fix the FISA Court.

Senator Richard Blumenthal: The FISA Court Reform Act Of 2013 And The FISA Court Judge Selection Reform Act

Blumenthal has introduced two bills, S 1460 and S 1467 to change how the FISA court operates. The first bill establishes an Office of the Special Advocate (OSA) which introduces an adversary to the court. The OSA can contest FISA court orders, appeal orders all the way to the Supreme Court, request declassification of documents and call for public amicus briefs in certain cases.

The second bill, seeks to address the problem of judicial selection. What’s resulted as a result of FISA court judges being picked by the Chief Justice of the Supreme Court is a court heavily slanted toward former prosecutors and the eastern part of the United States. Instead of having a secret selection process, the second bill mandates each chief judge of a Federal circuit to publicly nominate a judge from their circuit to serve on the FISA court.

Other Bills

Other bills touching FISA court structural reform include bills by Schiff (which has the President, with the advice and consent of the Senate, nominating FISA court judges) and Representative Steve Cohen (which has the Chief Justice, and the majority and minority leaders of each house of Congress choosing judges).

More Bills To Follow

All of these bills are a start to tackling many of the problems raised by the leaked files. But none of them fix Section 702 of the Foreign Intelligence Surveillance Act, which the government is using to collect innocent Americans’ communications. As a result of the NSA spying, mass collection of innocent Americans’ information must stop. We look forward to the bills moving through Congress, but a full investigation of the NSA spying by a special Congressional must also occur. Join the more than 100 organizations and half-a-million people pushing Congress to stop the spying and fully investigate it.

Organizations, Activists Lining Up To Sue Against NSA Surveillance

This post originally appeared on the Electronic Frontier Foundation website on Sept. 10.

Five new groups—including civil-rights lawyers, medical-privacy advocates and Jewish social-justice activists—have joined a lawsuit filed by the Electronic Frontier Foundation (EFF) against the National Security Agency (NSA) over the unconstitutional collection of bulk telephone call records. With today’s amended complaint, EFF now represents 22 entities in alleging that government surveillance under Section 215 of the Patriot Act violates Americans’ First Amendment right to freedom of association.

The five entities joining the First Unitarian Church of Los Angeles v. NSA lawsuit before the U.S. District Court for the Northern District of California are: Acorn Active Media, the Charity and Security Network, the National Lawyers Guild, Patient Privacy Rights and The Shalom Center. They join an already diverse coalition of groups representing interests including gun rights, environmentalism, drug-policy reform, human rights, open-source technology, media reform and religious freedom.

“The First Amendment guarantees the freedom to associate and express political views as a group,” EFF legal director Cindy Cohn said. “The NSA undermines that right when it collects, without any particular target, the phone records of innocent Americans and the organizations in which they participate. In order to advocate effectively, these organizations must have the ability to protect the privacy of their employees and members.”

In June, The Guardian newspaper published a secret order from the Foreign Intelligence Surveillance Court (FISC) that authorized the wholesale collection of phone records of all Verizon customers, including the numbers involved in each call, the time and duration of the call, and “other identifying information.” Government officials subsequently confirmed the document’s authenticity and acknowledged the order was just one of a series issued on a rolling basis since at least 2006.

EFF originally filed the lawsuit on June 16, arguing the tracking program allows the government to compile detailed connections between people and organizations that have no correlation to national security investigations. Along with adding the new plaintiffs, the amended complaint also adds new information about “contact chaining” searches through the vast trove of phone records, adds James B. Comey as a defendant now that he is the head of the FBI, and makes some additional changes.

For Rabbi Arthur Waskow of The Shalom Center, the revelations come with a sense of déjà vu.

“Jewish tradition for at least the last 2,000 years has celebrated the right of privacy of the people against surveillance by a ruler,” Waskow said. “A generation ago, I joined with other antiwar activists to successfully sue the FBI over its ‘COINTELPRO’ program, which violated our right to assemble in opposition to the Vietnam War. Now, as director of The Shalom Center—a religious organization advocating for peace, social justice and environmental sustainablility—I am concerned that the NSA has greatly surpassed the FBI in undermining our Constitutional rights.”

The National Lawyers Guild, a public-interest legal association that has defended civil rights for more than 75 years, notes that surveillance has substantially impeded its ability to communicate with those seeking legal assistance.

“Applied on a massive scale, government surveillance becomes a form of oppression,” the Guild’s Executive Director Heidi Boghosian said. “Knowing that we are likely monitored, we have curbed our electronic interactions. Sensitive discussions about cases are confined to in-person meetings and letters. We have no illusions that our hotline for individuals visited by the FBI is private; we don’t even ask for specific details for fear of government eavesdropping.”

EFF also represents the plaintiffs in Jewel v. NSA, a class-action case filed on behalf of individuals in 2008 aimed at ending the NSA’s dragnet surveillance of millions of ordinary Americans. The Jewel case is set for a conference with the Court on September 27 in San Francisco.

For the amended complaint:
https://www.eff.org/document/first-unitarian-church-los-angeles-v-nsa-amended-complaint

Tahoe And Tor: Building Privacy On Strong Foundations

Tahoe-LAFS draws from a combination of computer security philosophies, backed up with cryptography implement in open-source code.

The Principle of Least Authority
In computer science, the principle of least authority means granting the minimum set of permissions necessary to accomplish a task. For example, someone who is a contributing blogger on a website doesn’t need full administrator access to a site. Tahoe attempts to apply this principle to online file storage by ensuring through encryption that the organization storing your data can’t see all your data, and that users can be given fine-grained access through cryptographic capabilities.

Cryptographic capabilities
In Tahoe-LAFS, you can read or write a file in the system only if you know a (rather long) set of characters, or key. The capability keys are different for each file, which means you can share a picture by sending a friend one capability key without giving them access to everything. You can also give people power to create or even edit files by sending them different keys. Using capability-based security means there’s no central authority that manages access control for you, as with Dropbox or Google Docs. You’re in charge of spreading (or withholding) your capability keys.

Erasure coding
A method of redundantly storing data over a number of servers that allows data to be reconstructed, even if a certain number of those servers get shut down or corrupted. In the default Tahoe network, data is spread over 10 drives and can be read even if seven of those servers are lost. That means you don’t have to rely on one provider and makes Tahoe storage harder to disrupt.

This post, by International Director Danny O’Brien, originally appeared on the Electronic Frontier Foundation website on Sept. 6.

Many people want to build secure Internet services that protect their users against surveillance, or the illegal seizure of their data. When EFF is asked how to build these tools, our advice is: Don’t start from scratch. Find a public, respected project that provides the privacy-protecting quality you want in your own work, and find a way to implement your dream atop these existing contributions.

So, for instance, the New Yorker’s Strongbox, a dropbox for anonymous sources, uses Tor as its basis to provide anonymity to its users. If you want anonymity in your app, building your tool on top of Tor’s backbone means you can take advantage of its experience and future improvements, as well as letting you contribute back to the wider community.

Anonymity is only one part of what will make the Net secure and privacy-friendly, though. The recent National Security Administration revelations as well as glitches and attacks on single services like GitHub, Amazon, Twitter and The New York Times, have prompted demand for online data storage that doesn’t depend on companies that might hand over such data or compromise security to comply with government demands, nor depend on one centralized service that could be taken down through external pressure.

The Tahoe Least Authority File System (Tahoe-LAFS) has been actively developed since 2007. Just as Tor concentrates on anonymity, Tahoe-LAFS’s developers have worked hard to create a resilient, decentralized, infrastructure that lets you store online both data you’d want to keep private, as well as data you want to share with selected groups of friends. It’s also able to protect against a single source of failure or censorship, like a commercial service being attacked or responding to a takedown.

Tahoe-LAFS is open source, but this month, some of the Tahoe project’s founders launched S4, a commercial “PRISM-proof” secure, off-site backup service that uses Tahoe as a backend and Amazon as a storage site.

Tahoe’s protections against third-party snooping and deletion have the kind of strong mathematical guarantees that reassure security experts that Tahoe-LAFS is well-defended against certain kinds of attack. That also means its privacy and resilience are not dependent on the good behavior or policies of its operators. (See the box for more information.)

Secure online backups like S4 are one possible use for Tahoe’s time-tested code and approach. You and your friends can run your own Tahoe network, sharing storage space across a number of servers, confident that your friends can see and change only what they have the caps to see, and that even if a sizable number of those servers disappear, your data will still be retrievable. Services like git-annex-assistant, a decentralized Dropbox-like folder synchronizer, already optionally offer it as backend. Some privacy activists have run private Tahoe networks over Tor, creating an anonymous, distributed and largely censorship-proof storage system.

It’s great to see commercial services like S4 emerging in the face of our new knowledge about pervasive online surveillance. Even better is the possibility that others, including entrepreneurs, designers and usability experts, will stand on the shoulders of the secure possibilities that protocols like Tor and Tahoe provide and give us all innovative Internet tools that can truly keep users and their data safe and sound.

EFF: Hundreds of Pages of NSA Spying Documents to be Released As Result of Lawsuit

In a major victory in one of EFF’s Freedom of Information Act (FOIA) lawsuits, the Justice Department conceded yesterday that it will release hundreds of pages of documents, including FISA court opinions, related to the government’s secret interpretation of Section 215 of the Patriot Act, the law the NSA has relied upon for years to mass collect the phone records of millions of innocent Americans.

In a court filing, the Justice Department, responding to a judge’s order, said that they would make public a host of material that will “total hundreds of pages” by next week, including:

[O]rders and opinions of the FISC issued from January 1, 2004, to June 6, 2011, that contain a significant legal interpretation of the government’s authority or use of its authority under Section 215; and responsive “significant documents, procedures, or legal analyses incorporated into FISC opinions or orders and treated as binding by the Department of Justice or the National Security Agency.”

While the government finally released a white paper detailing its expansive (and unconstitutional) interpretation of Section 215 last month, more important FISA court opinions adopting at least part of that interpretation have remained secret. The results of EFF’s FOIA lawsuit will finally lift the veil on the dubious legal underpinnings of NSA’s domestic phone surveillance program.

This victory for EFF comes on the heels of another FOIA success two weeks ago, when the Justice Department was also forced to release a 2011 FISA court opinion ruling some NSA surveillance unconstitutional.

Like our lawsuit over that 2011 FISA opinion—where the government posted the results on Director of National Intelligence’s new Tumblr account—the Justice Department may attempt to portray this release as being done out of the goodness of its heart and as a testament to its commitment to transparency. While we applaud the government for finally releasing the opinions, it is not simply a case of magnanimity. The Justice Department is releasing this information because a court has ordered it to do so in response to EFF’s FOIA lawsuit, which was filed on the tenth anniversary of the enactment of the Patriot Act—nearly two years ago.

For most of the duration of the lawsuit, the government fought tooth and nail to keep every page of its interpretations secret, even once arguing it should not even be compelled to release the number of pages that their opinions consisted of. It was not until the start of the release of documents leaked by NSA whistleblower Edward Snowden that the government’s position became untenable and the court ordered the government to begin the declassification review process.

It also should be noted, that on the same day the government agreed to release this information, GOP Rep. Jim Sensenbrenner, the author of the Patriot Act, submitted an amicus brief authored by EFF supporting ACLU’s constitutional challenge of the NSA phone collection program that relies on Section 215. In other words, even the author of Section 215 thinks the government has twisted and distorted its language to justify something that the law was never supposed to allow. Now, we will finally see that tortured interpretation.

EFF’s Open Letter to John Kerry: Tell Ethiopia to Release Eskinder Nega and Stop Imprisoning Bloggers

The following open letter, written by the Electronic Frontier Foundation, addresses a very frightening global trend: Nations increasingly using terror prevention as justification to lock up dissidents. Based on some provisions in the most recent National Defense Authorization Act, it is possible that similarly extreme cases could occur in the U.S.

Dear Secretary of State John Kerry,

This month marks the second anniversary of Eskinder Nega’s imprisonment.  When you visited Ethiopia in May, Eskinder Nega had already been imprisoned – and thus silenced – for over a year. It’s time for the United States to use its considerable influence to vigorously and directly advocate Nega’s freedom and, in the process, to promote free expression and independent journalism throughout Ethiopia.

Now is a crucial moment for the Secretary to speak out. Over the weekend, Ethiopian security forces in Addis Ababa brutally suppressed a demonstration calling for political reforms and the release of jailed journalists and dissidents.

Eskinder Nega is an internationally recognized Ethiopian reporter-turned-blogger.  His award-winning journalism on political issues in Ethiopia – and his refusal to stop publishing or flee the country – has made him the target of persecution by the Ethiopian government for many years. Nega was arrested in September 2011 and then convicted under a new, extremely broad anti-terrorism law in Ethiopia. Nega’s so-called crime was writing articles and speaking publicly on topics such as the Arab Spring and Ethiopia’s poor record on press freedom. For that, he was sentenced to 18 years in prison.

In July, the New York Times published a letter from Eskinder Nega in prison, who explained that Ethiopia’s anti-terrorism law “has been used as a pretext to detain journalists who criticize the government.”  He elaborated on the actions that landed him in prison on charges of terrorism:

I’ve never conspired to overthrow the government; all I did was report on the Arab Spring and suggest that something similar might happen in Ethiopia if the authoritarian regime didn’t reform. The state’s main evidence against me was a YouTube video of me, saying this at a public meeting. I also dared to question the government’s ludicrous claim that jailed journalists were terrorists.

As Leslie Lefkow, deputy Africa director at Human Rights Watch, said, “The use of draconian laws and trumped-up charges to crack down on free speech and peaceful dissent makes a mockery of the rule of law.”

EFF has joined other free speech advocates and human rights organizations around the world in calling for Nega’s release. The UN Working Group on Arbitrary Detention has joined the movement calling for Nega’s freedom. And Amnesty International has rightly declared Nega a prisoner of conscience and is petitioning for his release.

Journalists and human rights organizations around the world have condemned Nega’s sentence and called for his release. It’s time for the United States, and especially the State Department, to do the same.

We’re writing today to urge you to use your relationship with Ethiopia to campaign for Eskinder Nega’s freedom and the freedom of all peaceful bloggers in Ethiopia.

We appreciate the public statements that the State Department has made about Nega’s imprisonment, but that’s not enough. Nega has already spent two years in prison, and other bloggers in Ethiopia have also been silenced by similar unjust imprisonments.

A free and independent media is vital to democracy and justice. We are calling on you to speak out on behalf of Eskinder Nega and raise his case with your contacts within the Ethiopian government. We urge you to more strongly tie American economic and political support for  Ethiopia to its  record on press freedom. The Ethiopian government should understand that the imprisonment of Eskinder Nega has real and continuing consequences to the health of its global diplomatic and financial relationships with its partners.

The United States has deep ties with Ethiopia. Please use this access and influence to champion the rights of free expression and press freedom that are guaranteed by the Ethiopian constitution and international law.

Sincerely,

Electronic Frontier Foundation

An Illustration Of How The NSA Misleads The Public Without Technically Lying

This article, written by activist Trevor Timm, originally appeared on the Electronic Frontier Foundation website on Aug. 29.

The Wall Street Journal published an important investigation on Aug. 20, reporting that the National Security Agency (NSA) has direct access to many key telecommunications switches around the country and “has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans.” Notably, NSA officials repeatedly refused to talk about this story on their conference call with reporters the next day. Instead, the Director of National Intelligence and the NSA released a statement about the story later that evening.

If you read the statement quickly, it seems like the NSA is disputing the WSJ story. But on careful reading, the NSA actually does not deny any of it. As we’ve shown before, often you have to carefully parse NSA statements to root out deception and misinformation, and this statement is no different. The NSA has tried to deflect an accurate story with its same old word games. Here’s a breakdown:

The NSA does not sift through and have unfettered access to 75% of United States online communications…The report leaves readers with the impression that the NSA is sifting through as much as 75% of the United States online communications, which is simply not true.

Of course, The Wall Street Journal never says the NSA “sifts through” 75 percent of U.S. communications. It reported that the NSA’s system “has the capacity to reach roughly 75% of all U.S. Internet traffic.” The NSA’s new term, “sift,” is undefined; but regardless of what the NSA is doing or not doing to 75 percent of Americans’ emails, it does have the technical capacity to search through it for key words — which it does not deny.

In its foreign intelligence mission, and using all its authorities, NSA “touches” about 1.6%, and analysts look at 0.00004% of the world’s Internet traffic.

See what the NSA did there? The Wall Street Journal was talking about U.S.-only communications traffic, not the world’s total Internet traffic. The vast majority of the world’s Internet traffic is video-streaming and downloads. According to a study done by Cisco, video made up more than half of all Web traffic in 2012 — and that does not include peer-to-peer sharing. By 2017, Cisco predicts 90 percent of all Internet traffic will be video.

As Jeff Jarvis aptly documented, the NSA can vacuum up an extraordinary percentage of the world’s (and American) communications while touching only 1.6 percent of total Internet traffic.

Oh, and that 0.00004 percent? That math may be wrong, too. The Atlantic Wire double-checked the NSA’s numbers when it first used that stat and determined the NSA’s math was off by an order of magnitude; it actually searches 10 times more than the NSA says it does.1

The assistance from the providers, which is compelled by the law, is the same activity that has been previously revealed as part of Section 702 collection and PRISM.

First, notice that the NSA is conflating PRISM, which involves collection from Internet companies like Facebook, with the “upstream” collection The Wall Street Journal reports on: telecommunications companies like AT&T that give the NSA direct access to the fiber optic cables that all Internet traffic travels over. Here’s the NSA’s own leaked graphic explaining the difference:

nsa graphic

Second, siphoning off large portions of Internet traffic directly from the Internet backbone is not “compelled by law.” In fact, as the Electronic Frontier Foundation argued in court for years, the telecoms’ participation in this program with the NSA was both illegal and unConstitutional. Obviously, they knew it, because that’s why Congress passed retroactive immunity for companies like AT&T in 2008. But that immunity only extended to the telecom, and EFF’s case against the ongoing illegal surveillance continues.

Section 702 specifically prohibits the intentional acquisition of any communications when all parties are known to be inside the U.S.

Yes, Section 702 prohibits the intentional acquisition of U.S. communications, but once U.S. communications are in an NSA database — which happens often — the NSA can search them without a warrant, as documents recently published by The Guardian revealed. Unknown or anonymous people are assumed to be foreign, meaning many U.S. people will be caught up in the dragnet.

The law specifically prohibits targeting a U.S. citizen without an individual court order based on a showing of probable cause.

We’ve previously dissected the NSA’s warped definition of “target.”  NSA agents have to be only 51 percent sure the person they’re spying on is foreign. Additionally, a host of loopholes exist that allow the NSA to keep U.S. communications if they’re encrypted, if there’s evidence of a crime and more.

And as The New York Times reported on its front page on Aug. 8, officials admit the NSA is “searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country” under the guise of looking for information about targets, not just communications to targets.

If that communications involves a US person, NSA must follow Attorney General and FISA court [Foreign Intelligence Surveillance Court] approved “minimization procedures” to ensure the Agency protects the privacy of US persons.

Those “minimization procedures” do not ensure that the NSA protects privacy. Rather, they are woefully inadequate, primarily concerned with minimizing the amount of data to be removed from the database and expanding on the circumstances under which the NSA can keep the data and share it with other agencies.

So there you have it: how the NSA pretends to deny a media report without denying it at all. We are still awaiting an honest account of the NSA’s capabilities. Tell your representative to demand an independent investigation today.

  • 1. In response to The Atlantic, the NSA said the figure is nevertheless valid, because “classified information that goes into the number is more complicated than what’s in your calculation.”

 

EFF Explains Perfect Forward Secrecy, an Important Web Privacy Protection

This article, written by activist Peter Higgins, originally appeared on the Electronic Frontier Foundation website on August 28.

When you access a Web site over an encrypted connection, you’re using a protocol called HTTPS. But not all HTTPS connections are created equal. In the first few milliseconds after a browser connects securely to a server, an important choice is made: the browser sends a list of preferences for what kind of encryption it’s willing to support, and the server replies with a verification certificate and picks a choice for encryption from the browser’s list. These different encryption choices are called “cipher suites.” Most of the time, users don’t have to worry about which suite the browsers and servers are using, but in some cases it can make a big difference.

One important property is called “perfect forward secrecy,” but only some servers and only some browsers are configured to support it. Sites that use perfect forward secrecy can provide better security to users in cases where the encrypted data is being monitored and recorded by a third party. That particular threat may have once seemed unlikely, but we now know that the NSA does exactly this kind of long-term storage of at least some encrypted communications as they flow through telecommunications hubs, in a collection effort it calls “upstream.”

How can perfect forward secrecy help protect user privacy against that kind of threat? In order to understand that, it’s helpful to have a basic idea of how HTTPS works in general. Every Web server that uses HTTPS has its own secret key that it uses to encrypt data that it sends to users. Specifically, it uses that secret key to generate a new “session key” that only the server and the browser know. Without that secret key, the traffic traveling back and forth between the user and the server is incomprehensible, to the NSA and to any other eavesdroppers.

But imagine that some of that incomprehensible data is being recorded anyway—as leaked NSA documents confirm the agency is doing. An eavesdropper who gets the secret key at any time in the future—even years later—can use it to decrypt all of the stored data! That means that the encrypted data, once stored, is only as secure as the secret key, which may be vulnerable to compromised server security or disclosure by the service provider.

That’s where perfect forward secrecy comes in. When an encrypted connection uses perfect forward secrecy, that means that the session keys the server generates are truly ephemeral, and even somebody with access to the secret key can’t later derive the relevant session key that would allow her to decrypt any particular HTTPS session. So intercepted encrypted data is protected from prying eyes long into the future, even if the website’s secret key is later compromised.

It’s important to note that no flavor of HTTPS, on its own, will protect the data once it’s on the server. Web services should definitely take precautions to protect that data, too. Services should give user data the strongest legal protection possible, and minimize what they collect and store in the first place. But against the known threat of “upstream” data collection, supporting perfect forward secrecy is an essential step.

So who protects long-term privacy by supporting perfect forward secrecy? Unfortunately, it’s not a very long list—but it’s growing. Google made headlines when it became the first major web player to enable the feature in November of 2011. Facebook announced last month that, as part of security efforts that included turning on HTTPS by default for all users, it would enable perfect forward secrecy soon. And while it doesn’t serve the same volume as those other sites, www.eff.org is also configured to use perfect forward secrecy. Outside of the web, emails encrypted using the OpenPGP standard do not have forward secrecy, but instant messages (or text messages) encrypted using the OTR protocol do.

Supporting the right cipher suites—and today, for the Web, that means ones that support perfect forward secrecy—is an important component of doing security correctly. But sites may need encouragement from users because, like HTTPS generally, supporting perfect forward secrecy doesn’t come completely without a cost. In particular, it requires more computational resources to calculate the truly ephemeral session keys required.

It may not be as obvious a step as simply enabling HTTPS, but turning on perfect forward secrecy is an important improvement that protects users. More sites should enable it, and more users should demand it of the sites they trust with their private data.

EFF Outlines Three Illusory “Investigations” Of The NSA Spying That Will Never Succeed

This article, written by policy analyst Mark M. Jaycox, was originally published on August 23, 2013 by the Electronic Frontier Foundation.

Since the revelations of confirmed National Security Agency spying in June, three different “investigations” have been announced. One by the Privacy and Civil Liberties Oversight Board (PCLOB), another by the Director of National Intelligence, Gen. James Clapper, and the third by the Senate Intelligence Committee, formally called the Senate Select Committee on Intelligence (SSCI).

All three investigations are insufficient, because they are unable to find out the full details needed to stop the government’s abuse of Section 215 of the PATRIOT Act and Section 702 of the Foreign Intelligence Surveillance Act. The PCLOB can only request—not require—documents from the NSA and must rely on its goodwill, while the investigation led by Gen. Clapper is led by a man who not only lied to Congress, but also oversees the spying. And the Senate Intelligence Committee—which was originally designed to effectively oversee the intelligence community—has failed time and time again. What’s needed is a new, independent, Congressional committee to fully delve into the spying.

The PCLOB: Powerless to Obtain Documents

The PCLOB was created after a recommendation from the 9/11 Commission to ensure civil liberties and privacy were included in the government’s surveillance and spying policies and practices.

But it languished. From 2008 until May of this year, the board was without a Chair and unable to hire staff or perform any work. It was only after the June revelations that the President asked the board to begin an investigation into the unconstituional NSA spying. Yet even with the full board constituted, it is unable to fulfill its mission as it has no choice but to base its analysis on a steady diet of carefully crafted statements from the intelligence community.

As we explained, the board must rely on the goodwill of the NSA’s director, Gen. Keith Alexander, and Gen. Clapper—two men who have repeatedly said the NSA doesn’t collect information on Americans.

In order to conduct a full investigation, the PCLOB will need access to all relevant NSA, FBI, and DOJ files. But the PCLOB is unable to compel testimony or documents because Congress did not give it the same powers as a Congressional committee or independent agency. This is a major problem. If the NSA won’t hand over documents to Congress, then it will certainly not give them to the PCLOB.

The Clapper Investigation: Overseen by a Man Accused of Lying to Congress

The second investigation was announced by President Obama in a Friday afternoon news conference. The President called for the creation of an “independent” task force with “outside experts” to make sure “there absolutely is no abuse in terms of how these surveillance technologies are used.” Less than two days later, the White House followed up with a press release announcing the task force would be led by Gen. Clapper and would also report to him. What’s even worse: the task force was not tasked with looking at any abuse. It was told to focus on how to “protect our national security and advance our foreign policy.” And just this week, ABC News reported the task force will be full of thorough Washington insiders–not “outside experts.” For instance, one has advocated the Department of Homeland Security be allowed to scan all Internet traffic going in and out of the US. And another, while a noted legal scholar on regulatory issues, has written a paper about government campaigns to infiltrate online groups and activists. In one good act, the White House selected Peter Swire to be on the task force. Swire is a professor at Georgia Tech and has served as the White House’s first ever Chief Privacy Officer. Recently, he signed an amicus brief in a case against the NSA spying by the Electronic Privacy Information Center arguing that the NSA’s telephony metadata program is illegal under Section 215 of the PATRIOT Act. Despite this, and at the end of a day, a task force led by General Clapper full of insiders,—and not directed to look at the extensive abuse—will never get at the bottom of the unconstitutional spying.

The Senate Intelligence Committee Has Already Failed

The last “investigation” occurring is a “review” led by the Senate Intelligence Committee overseeing the intelligence community. But time and time again the committee has failed at providing any semblance of oversight. First, the chair and ranking member of the committee, Senators Dianne Feinstein (CA) and Saxby Chambliss (GA), respectively, are stalwart defenders of the NSA and its spying activities. They have both justified the spying, brushed aside any complaints, and denied any ideas of abuse by the NSA.

Besides defending the intelligence community, the committee leadership have utterly failed in oversight—the reason why the Senate Intelligence Committee was originally created by the Church Committee. As was revealed last week, Senator Feinstein was not shown or even told about the thousands of violations of the spying programs in NSA audits of the programs. This is in direct contradiction to her statements louting the “robust” oversight of the Intelligence Committee. Lastly, the committee is prone to secrets and hiding behind closed doors: this year, the Senate Intelligence Committee has met publicly only twice. What’s clear is that the Intelligence Committee has been unable to carry out its oversight role and fresh eyes are needed to protect the American people from the abuses of the NSA.

A New Church Committee

All three of these investigations are destined to fail. What’s needed is a new, special, investigatory committee to look into the abuses of by the NSA, its use of spying powers, its legal justifications, and why the intelligence committees were unable to rein in the spying. In short, we need a contemporary Church Committee. It’s time for Congress to reassert its oversight capacity. The American public must be provided more information about the NSA’s unconstitutional actions and the NSA must be held accountable. Tell your Congressmen now to join the effort.

EFF Victory Results In Release Of Foreign Intelligence Surveillance Court Opinion Finding NSA Surveillance UnConstitutional

In response to EFF’s FOIA lawsuit, the government has released the 2011 FISA court opinion ruling some NSA surveillance unConstitutional.

For almost two years, EFF has been fighting the government in Federal court to force the public release of an 86-page opinion of the secret Foreign Intelligence Surveillance Court (FISC). Issued in October 2011, the secret court’s opinion found that surveillance conducted by the NSA under the FISA Amendments Act was unConstitutional and violated “the spirit of” Federal law.

Today, EFF can declare victory: a Federal court ordered the government to release records in our litigation, the government has indicated it intends to release the opinion today, and ODNI called a  press conference to discuss “issues” with FISA Amendments Act surveillance, including a discussion of the opinion.

It remains to be seen how much of the opinion the government will actually make available to the public. President Obama has repeatedly said he welcomes a debate on the NSA’s surveillance: disclosing this opinion—and releasing enough of it so that citizens and advocates can intelligently debate the Constitutional violation that occurred—is a critical step in ensuring that an informed debate takes place.

Here are examples of documents previously released by the administration in response to our Freedom of Information Act request. Anything even resembling those “releases” would be utterly unacceptable today. But we’ve come a long way since then, it took filing a lawsuit; litigating (and winning) in the FISC itself; the unprecedented public release of information about NSA surveillance activities; and our continuing efforts to push the government in the district court for release of the opinion.

Release of the opinion today is just one step in advancing a public debate on the scope and legality of the NSA’s domestic surveillance programs. EFF will keep fighting until the NSA’s domestic surveillance program is reined in, Federal surveillance laws are amended to prevent these kinds of abuse from happening in the future, and government officials are held accountable for their actions.

EFF: Court Rules Accessing a Public Website Isn’t A Crime, But Hiding Your IP Address Could Be

This article, written by staff attorney Hanni Fakhoury, was originally published on August 20, 2013 by the Electronic Frontier Foundation.

In the ongoing legal battle between craigslist and 3taps, a new court opinion makes clear that people are “authorized” under the Computer Fraud and Abuse Act (CFAA) to access a public website. But what the court gave with one hand it took with the other, as it also ruled that sending a cease-and-desist letter and blocking an IP address is enough to “revoke” this authorization.

3taps collects real-estate data from craigslist and makes it available to other companies to use. One of those companies, Padmapper, republished craigslist apartment postings over a map to enable users to view apartment listings geographically, a feature then unavailable on the craigslist site. Craigslist’s terms of service prohibits people from “scraping” or copying data from craigslist’s site.

After learning about 3Taps and its clients, craigslist sent 3taps a cease-and-desist letter demanding they stop using craigslist data this way and then blocked 3taps’ IP address from accessing the craigslist site. Ultimately, craigslist sued 3taps in federal court, arguing that 3taps had violated the CFAA. 3taps moved to dismiss the case, arguing that under the Ninth Circuit Court of Appeals decision in United States v. Nosal, 3taps could not be liable under the CFAA for violating craigslist’s terms of service.

While the court agreed with 3taps on this point, it questioned whether the CFAA even protected information available on a publicly accessible website like craigslist in the first place. After the court agreed to accept additional briefing on this point, we along with a number of law professors, filed an amicus brief with the court urging it to rule that everyone is “authorized” to visit a public website under the CFAA.

Last week, the court ruled that this interpretation of the CFAA “makes sense,” meaning that everyone starts out as “authorized” to access a publicly accessible website. But it found that, with respect to 3taps, craigslist had used its “power to revoke, on a case-by-case basis, the general permission it granted to the public to access the information on its website” by sending the cease and desist letter and blocking 3taps’ IP address. The decision is certainly a mixed bag.

First the positive.

It is encouraging to see courts recognize that the CFAAwhich creates both civil and criminal liabilitydoesn’t criminalize accessing information from a publicly accessible website. The government used that precise theory to prosecute Andrew “Weev” Auernheimer for exposing an AT&T security flaw that publicly revealed thousands of customers’ email addresses. The possibility of imposing CFAA liability on someone from using information made freely available on the web posed a major threat on the openness and innovation of the Internet.

Moreover, by focusing on the IP blocking, the court essentially agreed with the basic principle we’ve suggested as a means to limit the reach of the CFAA: that there must be circumvention of a technological barrier before a person can be found to have “accessed” information or data “without authorization.” In fact one proposal to reform the CFAA currently before Congress, “Aaron’s Law,” defines “access without authorization” to mean precisely that: “knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized individuals from obtaining that information.” The court adopted this idea in principle when it found that craigslist’s CFAA claim was based on something more than violating the terms of service of a publicly accessible website, and indeed something more than the cease and desist letter alone.

Now for the troubling part of the court’s opinion.

We believe that the CFAA requires hackingdoing something that breaches a technological barrier, like cracking a password or taking advantage of a SQL injection.

Changing your IP address is simply not hacking. That’s because masking your IP address is an easy, common thing to do. And there’s plenty of legitimate reasons to do so, whether its to protect your privacy, preserve innovation or avoid price discrimination. Plus, in the context of this case, craigslist’s IP address blocking and cease-and-desist letter combined to essentially act as a “use” restriction. In other words, craigslist relied on these two things to enforce its terms of service upon 3taps.

There’s a serious potential for mischief that is encouraged by this decision, as companies could arbitrarily decide whose authorization to “revoke” and need only write a letter and block an IP address to invoke the power of a felony criminal statute in what is, at best, a civil business dispute.

Hopefully future courts thinking about these issues can use the good aspects of this decision to recognize that violating a technological measure is necessary. But they need to think more critically about whether IP address blocking, even if coupled with a cease and desist letter, is enough for a CFAA violation.

Accessing a public website isn’t a crime. Neither is hiding your online identity.

Electronic Frontier Foundation: The Three Pillars of Government Trust Have Fallen

The Electronic Frontier Foundation has reacted to Thursday’s Washington Post story on the National Security Agency’s eye-opening audit, which dismantled the fallacy that there are adequate oversight mechanisms built into the government’s program of domestic spying, with a timely column that explains just how far America’s leadership has fallen in abusing the public trust. Act now to join the growing number of Americans demanding an end to unConstitutional NSA spying.

 

By Cindy Cohn and Mark M. Jaycox

The Electronic Frontier Foundation

With each recent revelation about the NSA’s spying programs government officials have tried to reassure the American people that all three branches of government—the Executive branch, the Judiciary branch, and the Congress—knowingly approved these programs and exercised rigorous oversight over them. President Obama recited this talking point just last week, saying: “as President, I’ve taken steps to make sure they have strong oversight by all three branches of government and clear safeguards to prevent abuse and protect the rights of the American people.”  With these three pillars of oversight in place, the argument goes, how could the activities possibly be illegal or invasive of our privacy?

Today, the Washington Post confirmed that two of those oversight pillars—the Executive branch and the court overseeing the spying, the Foreign Intelligence Surveillance Court (FISA court)—don’t really exist. The third pillar came down slowly over the last few weeks, with Congressional revelations about the limitations on its oversight, including what Representative Sensennbrenner called “rope a dope” classified briefings. With this, the house of government trust has fallen, and it’s time to act. Join the over 500,000 people demanding an end to the unconstitutional NSA spying.

First, the Executive. After a review of internal NSA audits of the spying programs provided by Edward Snowden, the Post lays out—in stark detail—that the claims of oversight inside the Executive Branch are empty. The article reveals that an internal NSA audit not shown to Congress, the President, or the FISA Court detailed thousands of violations where the NSA collected, stored, and accessed American’s communications content and other information. In one story, NSA analysts searched for all communications containing the Swedish manufacturer Ericsson and “radio” or “radar.” What’s worse: the thousands of violations only include the NSA’s main office in Maryland—not the other—potentially hundreds—of other NSA offices across the country. And even more importantly, the documents published by the Post reveal violations increasing every year. The news reports and documents are in direct contrast to the repeated assertions by President Obama (video), General James Clapper (video), and General Keith Alexander (video) that the US government does not listen to or look at Americans’ phone calls or emails. So much for official pronouncements that oversight by the Executive was “extensive” and “robust.

Second, the FISA Court. The Post presents a second article in which the Chief Judge of the FISA Court admits that the court is unable to act as a watchdog or stop the NSA’s abuses: “The FISC is forced to rely upon the accuracy of the information that is provided to the Court,” its chief, US District Judge Reggie B. Walton, said in a written statement. “The FISC does not have the capacity to investigate issues of noncompliance.”  Civil liberties and privacy advocates have long said that the FISA Court is a rubber stamp when it comes to the spying, but this is worse—this is the Court admitting that it cannot conduct the oversight the President and others have claimed it is doing. So much for claims by officials from the White House (video), NSA, DOJ, and Intelligence Committee members of Congress that the FISA Court is another strong pillar of oversight.

Third, the Congress. Last week, Representative Sensenbrenner complained that “the practice of classified briefings are a ‘rope-a-dope operation’ in which lawmakers are given information and then forbidden from speaking out about it.” Members of Congress who do not serve on the Intelligence Committees in the both the House and Senate have had difficulty in obtaining documents about the NSA spying. Last week, it was even uncovered that the Chairman of the House Intelligence Committee, Rep. Mike Rogers, failed to provide freshmen members of Congress vital documents about the NSA’s activities during a key vote to reapprove the spying. Senators Wyden and Udall have been desperately trying to tell the American people what is going on, but this year the House Intelligence committee’s Subcommittee on Oversight has not met once and the Senate Intelligence committee has met publicly only twice.

One, two, three pillars of government, all cited repeatedly as the justification for our trust and all now obviously nonexistent or failing miserably. It’s no surprise Americans are turning against the government’s explanations.

The pattern is now clear and it’s getting old. With each new revelation the government comes out with a new story for why things are really just fine, only to have that assertion demolished by the next revelation. It’s time for those in government who want to rebuild the trust of the American people and others all over the world to come clean and take some actual steps to rein in the NSA. And if they don’t, the American people and the public, adversarial courts, must force change upon it.

We still think the first step ought to be a truly independent investigatory body that is assigned to look into the unconstitutional spying. It must be empowered to search, read and compel documents and testimony, must be required to give a public report that only redacts sensitive operational details, and must suggest specific legislation and regulatory changes to fix the problem—something like the Church Committee or maybe even the 9/11 Commission. The President made a mockery of this idea recently, by initially handing control of the “independent” investigation he announced in his press conference to the man who most famously lied to Congress and the American people about the spying, the Director of National Intelligence James Clapper.

The three pillars of American trust have fallen. It’s time to get a full reckoning and build a new house from the wreckage, but it has to start with some honesty.

EFF: Multiple New Polls Show Americans Reject Wholesale NSA Domestic Spying

This article, published Tuesday by the Electronic Frontier Foundation (EFF), demonstrates Americans’ growing mistrust of the Federal government’s Orwellian and secretive programs that enable law enforcement agencies to spy on U.S. citizens without warrants, probable cause or informing us we’re being targeted. Follow the link at the end to add your voice to the growing number of people who demand the government come clean about its domestic surveillance operations, and to urge Congress to reform our Nation’s broad, permissive laws that have nurtured the expansion of Federal spy programs.

By Mark M. Jaycox  and Trevor Timm

Polls further confirm that Americans are deeply concerned with the unconstitutional NSA spying programs. In a July 10 poll by Quinnipiac University, voters were asked whether the government’s efforts “go too far in restricting the average person’s civil liberties” or “not far enough to adequately protect the country.” The poll revealed that Americans largely believe that the government has gone too far by a margin of 45% to 40%. This is a clear reversal from a January 2010 survey in which the same question found that 63% of voters believed the government didn’t “go far enough to adequately protect the country.”

Polls further reveal Americans as highly skeptical of the programs. In an Economist/YouGov poll, 56% of Americans do not think the NSA is telling the truth about the unconstitutional spying. The same poll found that 59% of people disapprove of the spying, while only 35% approve of it. These numbers are not outliers and are supported by a recent Fox News poll (.pdf) finding 62% of Americans think the collection of phone records is “an unacceptable and alarming invasion of privacy rights.”

The latest poll, performed by Pew, affirms every one of these conclusions. Not only are Americans skeptical about the program, but they also believe the government has gone too far—the same exact conclusion found in the Quinnipiac poll. In a series of questions, Pew asked Americans whether they supported or opposed the program with different phrasings. As Pew reports: “Under every condition in this experiment more respondents oppose than favor the program.” The Pew poll is full of evidence supporting the fact that Americans oppose the unconstitutional spying, are skeptical of government claims about the unconstitutional NSA spying, and are increasingly concerned about their privacy rights.

In the 1950s and 60s, the NSA spied on all telegrams entering and exiting the country. The egregious actions were only uncovered after Congress set up an independent investigation called the Church Committee in the 1970s after Watergate. When the American public learned about NSA’s actions, they demanded change. And the Church Committee delivered it by providing more information about the programs and by curtailing the spying.

Just like the American public in the 1970s, Americans in the 2010s know that when the government amasses dossiers on citizens, it’s neither good for security nor for privacy. And a wide range of polls this week show widespread concern among the American people over the new revelations about NSA domestic spying.

Yesterday, the Guardian released a comprehensive poll showing widespread concern about NSA spying. Two-thirds of Americans think the NSA’s role should be reviewed. The poll also showed Americans demanding accountability and more information from public officials—two key points of our recently launched stopwatching.us campaign.

But there’s more. So far, Gallup has one of the better-worded questions, finding that 53% of Americans disapprove of the NSA spying. A CBS poll also showed that a majority—at 58%—of Americans disapprove of the government “collecting phone records of ordinary Americans.” And Rasmussen—though sometimes known for push polling—also recently conducted a poll showing that 59% of Americans are opposed to the current NSA spying.

The only poll showing less than a majority on the side of government overreach was Pew Research Center, which asked Americans whether it was acceptable that the NSA obtained “secret court orders to track the calls of millions of Americans to investigate terrorism.” Pew reported that 56% of Americans said it was “acceptable.” But the question is poorly worded. It doesn’t mention the widespread, dragnet nature of the spying. It also neglects to describe the “information” being given—metadata, which is far more sensitive and can provide far more information than just the ability to “track the calls” of Americans. And it was conducted early on in the scandal, before it was revealed that the NSA doesn’t even have to obtain court orders to search already collected information.

Despite the aggregate numbers, many of the polls took place at the same time Americans were finding out new facts about the program. More questions must be asked. And if history is any indication, the American people will be finding out much more. Indeed, just today the Guardian reported that its working on a whole new series with even more NSA revelations about spying.

One thing is definitely clear: the American public is demanding answers and needs more information. That’s why Congress must create a special investigatory committee to reveal the full extent of the programs. Democracy demands it.

Head over to the Electronic Frontier Foundation to take action by signing the organization’s letter to Congress demanding a full accounting of the NSA’s U.S. citizen surveillance activities.

Judge Grants Preliminary Injunction To Protect Free Speech After EFF Challenge

This post, written by senior staff attorney Matt Zimmerman, was originally published on August 9, 2013 by the Electronic Frontier Foundation.

Newark, NJ – A New Jersey federal district court judge granted motions for a preliminary injunction today, blocking the enforcement of a dangerous state law that would put online service providers at risk by, among other things, creating liability based on “indirect” publication of content by speech platforms.

The Electronic Frontier Foundation (EFF) argued for the injunction in court on behalf of the Internet Archive, as the statute conflicts directly with federal law and threatens service providers who enable third party speech online.

“The Constitution does not permit states to pass overbroad and vague statutes that threaten protected speech. The New Jersey statute created that threat and the court was right to block it,” said EFF Senior Staff Attorney Matt Zimmerman. “Similarly, Section 230 of the Communications Decency Act prohibits the state from threatening to throw online providers in jail for what their users do and the statute violated that rule as well. We are grateful that the court recognized the importance of these bedrock principles to online libraries and other platforms that make the Internet the vital and robust tool it is today.”

The New Jersey law at issue is an almost carbon-copy of a Washington state law successfully blocked by EFF and the Internet Archive last year. While aimed at combatting online ads for underage sex workers, it instead imposes stiff criminal penalties on ISPs, Internet cafes, and libraries that “indirectly” cause the publication or display of content that might contain even an “implicit” offer of a commercial sex act if the content includes an image of a minor. The penalties – up to 20 years in prison and steep fines – would put enormous pressure on service providers to block access to broad swaths of otherwise protected material in order to avoid the vague threat of prosecution.

“Within the past month, we’ve seen a coalition of state attorneys general ask Congress to gut CDA 230 to make way for harmful laws like New Jersey’s,” said Zimmerman. “This misguided proposal puts speech platforms at risk, which in turn threatens online speech itself. Law enforcement can and must pursue criminals vigorously, but attacking the platforms where people exercise their right to free speech is the wrong strategy.”

Backpage.com separately filed suit against this law, represented by the law firm of Davis Wright Tremaine, who also joined today’s argument.

For more on this case:
https://www.eff.org/cases/internet-archive-v-hoffman