At the local, state, and federal level, people across the country are urging politicians to ban the government’s use of face surveillance because it is inherently invasive and dangerous. Many U.S. cities have done so, including San Francisco and Boston. Now is our chance to end the federal government’s use of this spying technology.
Tell your Senators and Representatives they must pass Facial Recognition and Biometric Technology Moratorium Act, HR 3907/S.2052. It was recently introduced by Senators Edward J. Markey (D-Mass.), Jeff Merkley (D-Ore.), Bernie Sanders (I-Vt.), Elizabeth Warren (D-Mass.), and Ron Wyden (D-Ore.), and by Representatives Pramila Jayapal (WA-07), Ayanna Pressley (MA-07) and Rashida Tlaib (MI-13). This important bill would be a critical step to ensuring that mass surveillance systems don’t use your face to track, identify, or harm you. The bill would ban the use of face surveillance by the federal government, as well as withhold certain federal funds for local and state governments that use the technology.
A month ago, Governor Newsom announced a plan to invest $7 billion of federal rescue funds and state surplus dollars to be mostly invested into public broadband infrastructure meant to serve every Californian with affordable access to infrastructure ready for 21st century demands. In short, the proposal would empower the state government, local governments, cooperatives, non-profits, and local private entities to utilize the dollars to build universal 21st century access. With that level of money, the state could end the digital divide—if invested correctly.
But, so far, industry opposition from AT&T and cable have successfully sidelined the money—as EFF warned earlier this month. Now, they’re attempting to reshape how the state spends a once-in-a-generation investment of funds to eliminate the digital divide into wasteful spending and a massive subsidy that would go into the industry’s hands. Before we break down the woefully insufficient industry alternative proposals that are circulating in Sacramento, it is important we understand the nature of California’s broadband problem today, and why Governor Newsom’s proposal is a direct means of solving it.Industry’s Already Shown Us How Profit-Driven Deployment Leaves People Behind
This cannot be emphasized enough, but major industry players are discriminating against communities that would be profitable to fully serve in the long term. Why? These huge companies have opted to expand their short-term profits through discriminatory choices against the poor. That’s how California became the setting for a stark illustration of the digital divide in the pandemic: a picture of little girls doing homework in a fast food parking lot so they could access the internet. That was not in a rural market, where households are more spaced out. That was Salinas, California, a city with a population of 155,000+ people at a density of 6,490 people per square mile. There was no good reason why those little kids didn’t have cheap, fast internet at home. We should disabuse ourselves of the notion that any industry subsidy will change how they approach the business of deploying broadband access.
And in the lack of meaningful digital redlining regulation, it is perfectly natural for industry to opt to discriminate against low-income neighborhoods because of the pressures to deliver fast profits to investors. It is why dense, urban markets that would be profitable to serve, such as Oakland and Los Angeles, have a well-documented and thoroughly studied digital redlining problem. Research shows that it’s mostly Black and brown neighborhoods that are skipped over for 21st century network investments. It is also the same reason why people in rural California suffer from systemic underinvestment in networks that led to one of the largest private telecom bankruptcies in modern times—impacting millions of Californians. If the profit is not fast enough, they will not invest, and throwing more government money at these short term focused companies will never fix the problem.
Big internet service providers have shown us again and again that they will not invest in areas that present an unattractive profit rate for their shareholders. On average, it takes a network about five years to fully deploy, and new networks were first deployed in these companies’ favored areas well over a decade ago. No amount of government money from a one-time capital expenditure standpoint will change their estimations of who is a suitable long-term payer for their private products and services. Their conclusions are hard-wired into expectations driven by Wall Street investors for their ability to pay dividends and keep delivering consistent profits certain households will deliver to them. Their priorities will not change due to more money from the state. Even with more aggressive regulation to address profitable yet discriminated against areas, the private industry is not able to address areas that will yield zero profit to provide service.
The only means to reach 100% universal access with 21st century fiber broadband at affordable prices is to promote locally held alternatives and aggressively invest in public broadband infrastructure. Some rural communities can only be fully served by a local entity that can take a 30-to-40-year debt investment strategy that is not subject to pressure from far-off investors to deliver profits. That is exactly how we got electricity out to rural communities. Broadband being an essential service, the expectations of consistent revenue from rural residents to sustain their own networks align well with making long-term bets—as envisioned by Governor Newsom’s proposal to create a Loan Loss Revenue Reserve Account. This account will enable long-term low-interest infrastructure financing. And, most importantly, it’s only possible to deliver affordable access for low-income users in many places if we decouple the profit motive with the provisioning of this essential service. For proof of this, look no further than Chattanooga, Tennessee, where 17,700 households with low-income students will enjoy 10 years of free 100/100mbps fiber internet access at the zero profit cost of $8.2 million.
If we want to make 21st century-internet something everyone can access regardless of their socioeconomic status and location, we need to use all the options available to us. The private market has its role and importance. But truly reaching 100% access is not possible without a strong public model to cover those who are most difficult to reach.What Industry Is Actually Asking Sacramento To Do With Our Money
The suggestions the cable industry and AT&T are making to Sacramento right now fail us twice over. They will not actually solve the problem our state faces. They will also set us down a path of perpetual industry subsidization and sabotage of the public model. These suggestions seem focused on blocking the state government from pushing middle-mile fiber deep into every community, which is a necessary pre-condition to ensure a local private or public solution is financially feasible. Still, the mere existence of some connectivity in or near an area does not mean there is the capacity to deliver 21st century access. Solving that problem requires fiber. And it’s the lack of accessible fiber (predominantly in rural areas) that prevents local solutions from taking root in many places, even those that are motivated. Industry has no solution to offer in these places, because it has always avoided investing in those areas.
Let’s start with cable companies' specific suggestions. This industry has a very long history of opposing municipal fiber to preserve high-speed monopolies. And so their suggested change to Governor Newsom’s plan comes as no surprise because all it would do is jam all the funding into the existing California Advanced Services Fund (CASF), which they supported in 2017. CASF has utterly failed to make significant progress in eliminating the digital divide. EFF has detailed why California’s broadband program is in desperate need of an update and has sponsored legislation to adopt a 21st century infrastructure standard in the face of industry opposition—which prevented needed changes to CASF in the height of the pandemic, with an assist from California’s Assembly.
There is no saving grace for the existing broadband infrastructure program. CASF has spent an obscene amount of public money on obsolete slow connections that were worthless during the pandemic due to legislative restrictions the industry sought. Its current rules also make large swathes of rural California ineligible for broadband investments, and it prioritizes private industry investments by blocking most local government bidders. It is no surprise cable suggests we spend another $7 billion on that failed experiment.
Arguably the worst suggestion the cable industry makes to Governor Newsom’s plan is to eliminate the long-term financing program that would help local governments access the bond market, and instead cram it into the failed CASF program. Doing that would mean local communities would be barred from replacing 1990s-era connections with fiber, and continue to reward the industry’s strategy of discriminating against low-income Californians and prioritizing the wealthy. That would effectively destroy the ability of local governments to finance community-wide upgrades, which is a core strategy of rural county governments left to deal with the wake of the Frontier Communications bankruptcy. By sabotaging the long-term financing program, cable ensures local governments have little chance of financing their own networks—and that is the entire point. If Sacramento wants to see everyone in rural California and underserved cities connected, then community networks must be community-wide to make long-term financing the cost of the entire network to all people affordable. Forcing the public sector to offset the discriminatory choices of industry only rewards that discrimination and makes these community solutions financially infeasible.
AT&T, which has never lacked humility when talking to Sacramento legislators, has gone as far to say in a letter to the legislature that building out capacity to every community somehow prevents local last-mile solutions from taking root. That’s a bogus argument. If you don’t have capacity at an affordable rate provisioned to a community, there can never be a local solution. If that capacity is already available to rural communities today at a price point that enables local solutions, then we would be seeing it in rural communities today. So, unless AT&T is planning to show the state and local communities exactly where—and at what price—it is offering middle mile fiber to rural communities, legislators should just ignore this obvious misdirection.
What is also particularly frustrating to read in AT&T’s letter is the argument that barely anyone needs infrastructure in California to engage in remote work, telehealth, and distance education. The letter goes so far as to say only 463,000 households need access.
This just is not true. For starters, AT&T’s estimate is premised on the assumption that an extremely slow 25/3 mbps broadband connection is more than enough to use the internet today. That standard was established in 2015, long before the pandemic reshaped access needs. It is effectively useless today as a metric to assess infrastructure, because it obscures the extent to which the industry has under-invested in 21st century ready access. No one builds a network today to just deliver 25/3 mbps. Doing so would be a gigantic waste of money. Anything new built today is built with fiber, without exception. The appropriate assessment of the state’s communications infrastructure should boil down to one question: who has fiber?
The reality, per state data, is that just to meet the Governor’s minimum metric of 100 mbps download the number of households that need support rises by 100,000s above AT&T’s estimate. And if we want 21st century fiber-based infrastructure access throughout the state, as envisioned by President Biden and Governor Newsom's proposal, we have millions of homes to connect—something that can be done with a $7 billion investment.
The choice for Sacramento should be easy. An investment at the size of $7 billion that will enable high-capacity fiber infrastructure throughout the state will begin a 21st century access transition for all Californians who lack it today. Adopting AT&T’s vision of narrowly funneling the funds to an extremely limited number of Californians while shoveling the rest in their coffers as subsidies will build nothing.
Security research is vital to protecting the computers upon which we all depend, and protecting the people who have integrated electronic devices into their daily lives. To conduct security research, we need to protect the researchers, and allow them the tools to find and fix vulnerabilities. The Digital Millennium Copyright Act’s anti-circumvention provisions, Section 1201, can cast a shadow over security research, and unfortunately the progress we’ve made through the DMCA rule-making process has not been sufficient to remove this shadow.
DMCA reform has long been part of EFF’s agenda, to protect security researchers and others from its often troublesome consequences. We’ve sued to overturn the onerous provisions of Section 1201 that violate the First Amendment, we’ve advocated for exemptions in every triennial rule-making process, and the Coders Rights Project helps advise security researchers about the legal risks they face in conducting and disclosing research.
Today, we are honored to stand with a group of security companies and organizations that are showing their public support for good faith cybersecurity research, standing up against use of Section 1201 of the DMCA to suppress the software and tools necessary for that research. In the statement below, the signers have united to urge policymakers and legislators to reform Section 1201 to allow security research tools to be provided and used for good faith security research, and to urge companies and prosecutors to refrain from using Section 1201 to unnecessarily target tools used for security research.
The statement in full:
We the undersigned write to caution against use of Section 1201 of the Digital Millennium Copyright Act (DMCA) to suppress software and tools used for good faith cybersecurity research. Security and encryption researchers help build a safer future for all of us by identifying vulnerabilities in digital technologies and raising awareness so those vulnerabilities can be mitigated. Indeed, some of the most critical cybersecurity flaws of the last decade, like Heartbleed, Shellshock, and DROWN, have been discovered by independent security researchers.
However, too many legitimate researchers face serious legal challenges that prevent or inhibit their work. One of these critical legal challenges comes from provisions of the DMCA that prohibit providing technologies, tools, or services to the public that circumvent technological protection measures (such as bypassing shared default credentials, weak encryption, etc.) to access copyrighted software without the permission of the software owner. 17 USC 1201(a)(2), (b). This creates a risk of private lawsuits and criminal penalties for independent organizations that provide technologies to researchers that can help strengthen software security and protect users. Security research on devices, which is vital to increasing the safety and security of people around the world, often requires these technologies to be effective.
Good faith security researchers depend on these tools to test security flaws and vulnerabilities in software, not to infringe on copyright. While Sec. 1201(j) purports to provide an exemption for good faith security testing, including using technological means, the exemption is both too narrow and too vague. Most critically, 1201(j)’s accommodation for using, developing or sharing security testing tools is similarly confined; the tool must be for the "sole purpose" of security testing, and not otherwise violate the DMCA’s prohibition against providing circumvention tools.
If security researchers must obtain permission from the software vendor to use third-party security tools, this significantly hinders the independence and ability of researchers to test the security of software without any conflict of interest. In addition, it would be unrealistic, burdensome, and risky to require each security researcher to create their own bespoke security testing technologies.
We, the undersigned, believe that legal threats against the creation of tools that let people conduct security research actively harm our cybersecurity. DMCA Section 1201 should be used in such circumstances with great caution and in consideration of broader security concerns, not just for competitive economic advantage. We urge policymakers and legislators to reform Section 1201 to allow security research tools to be provided and used for good faith security research In addition, we urge companies and prosecutors to refrain from using Section 1201 to unnecessarily target tools used for security research.
Black Hills Information Security
Electronic Frontier Foundation
Grand Idea Studio
SANS Technology Institute
Social Exploits LLC
With Big Tech monopolies owning many of the online services we regularly use, is there still a space (and an audience) for platforms and content outside this mostly proprietary ecosystem?Language English