EFF update

As California, the world's fifth-largest economy, navigates a changing landscape, including a budget deficit, it's important that the legislature not take shortcuts that rob the state of future-proof technology. Instead of backing down, the California legislature must continue on the path for broadband funding that it has already started down. Doing so would ensure a future of high-speed, low-cost internet access for all Californians.

In 2021 Governor Newsom signed into law S.B. 156, which promised a $6-billion multi-year investment toward building broadband infrastructure in California. This $6 billion, together with the incoming federal Broadband Equity Access and Deployment (BEAD) dollars, is enough money to deliver 21st-century-ready broadband access to virtually all Californians. This is badly needed. California, and indeed much of the United States, pays far more for far poorer internet than other similarly developed nations.

Unfortunately, the California State Assembly plans to cut $625 million in last-mile broadband infrastructure funding, defer $950 million over the next three fiscal years, and reduce state middle mile fiber funding by an additional $125 million. Any cut to broadband funding undermines California’s ability to fulfill the promise of 21st-century broadband access to all, which then undercuts both the economic development opportunities of building and having 21st century broadband access and the state’s ability to address the systemic inequalities that arise from digital discrimination. 

In its proposal (page 113) the Assembly seeks to offset state expenditure with federal BEAD dollars to come. That is both directly counter to the rules that determine BEAD funding and gives up the chance to cover both unserved and underserved Californians. Instead of simply seeking to cover uncovered areas, the combined funds of original bill and the BEAD money would allow all Californians access to high-speed, low-cost internet. As it stands, by cutting the funding, the California legislature risks losing the BEAD money as well, turning a win-win into a lose-lose.

By directly contradicting guidance from the National Telecommunications Information Administration (NTIA), this proposal endangers California’s ability to receive BEAD dollars altogether. NTIA’s guidance (page 82) expressly states federal dollars cannot be used to “supplant…amounts that the eligible entity would otherwise make available for purposes for which the grant funds may be used.” Should California take the Assembly’s approach of substituting state dollars that would have been spent on broadband with federal, the NTIA is fully within their right to withhold federal funding from California. This lack of funds would undermine all efforts to deliver internet access across the state.

The existing state budget under S.B. 156 was passed before BEAD even existed. S.B. 156 made available enough funding to deploy broadband to every “unserved” Californian with fiber optic infrastructure. This was established by utilizing detailed cost model data collected by the state government to project the total budget needed when accounting for the high one-time sunk cost of infrastructure.

BEAD presents an opportunity to invest in low-income urban neighborhoods that have legacy access and also need to be upgraded to fiber optic infrastructure. California would be able to utilize BEAD funding to provide fiber optic connectivity to “underserved” Californians (residents lacking broadband access that deliver speeds up to 100/20 mbps). Typically, these residents are low-income and reside in our major urban markets such as Los Angeles, San Francisco, San Diego, and Oakland.  If the state cuts down on its own investment and utilizes these federal dollars to primarily service the “unserved,” the state would be taking away grant funds from urban communities entitled to those funds under the federal law.

The state charted the right course to deliver 21st century broadband infrastructure to all when it planned to supplement the investments made in S.B. 156 with BEAD funds. Cutting down the total amount available only serves to limit the ability of public investment to deliver fiber infrastructure throughout the state. As the Biden Administration noted as part of its own broadband infrastructure guidance, “only end-to-end fiber” can meet the long-term connectivity and economic needs of communities. We ask the California legislature to not throw away our once-in-a-lifetime shot to create lasting economic opportunities and address systemic harms across the state for generations to come.

This is part five of an ongoing, five-part series. Part one, the introduction, is here. Part two, about breaking up ad-tech companies, is here. Part three, about banning surveillance ads, is here. Part four, about opening up app stores, is here. Download this whole series as a single PDF.

Once, news organizations enthusiastically piled into social media. New platforms like Facebook and Twitter were powerful “traffic funnels,” where algorithmic recommendation systems put excerpts from news stories in front of a vast audience of new readers, who followed the links at the end of the excerpt to discover sources that became part of their regular news-diets. 

As platforms like Facebook grew essential to the new companies’ business, they changed the deal. First, it was a general “deprioritization” of news posts.

This didn’t just mean that articles from news accounts were less likely to be recommended to users who didn’t subscribe to the news publisher’s account. It also meant that people who explicitly followed publishers — that is, who had explicitly directed Facebook to show them the things those publishers posted — would be less likely to see the publishers’ posts.

The public explanation for this was that Facebook was shifting to prioritizing posts from “friends,” but publishers couldn’t help but notice that their account managers at Facebook stepped up the pressure to “boost” their posts. 

The implied message was, “While Facebook says it’s prioritizing posts from users’ friends in their feeds, we’re actually prioritizing posts from users’ friends, as well as posts from publishers who will pay us to put their posts back into the feeds of the readers who asked to see them.”

Facebook was betting that publishers would pay for “reach.” It’s not just Facebook: the new Twitter policy is explicit: if you want to reliably reach the people who asked to see your Tweets, you need to sign up for Twitter Blue. If you’re a media company, that will cost you $1,000/month.

Facebook parent company Meta has also doubled down on holding media companies to ransom, charging for “verification,” and with it, a soft promise that the material you post will reach the people who asked to see it.

The tech companies’ logic is simple: once end-users and publishers are locked into their platforms, any value they create for one another can — and should — be captured by the platform instead. The ideal user feed should consist of just enough of the things the user has asked to see, or is predicted to enjoy, as will keep that user on the platform.

Naturally, the news needs to be where users are. So long as the users stay put on a platform, the press will feel pressured to join them. That gives platforms leverage to charge news sources for “boosting” or “verification” or other forms of Danegeld to increase the likelihood that the news they post will reach the people who asked to see it.

This conduct — where a platform prioritizes delivering the content that makes it the most money, irrespective of its users’ wishes — violates the venerable end-to-end principle: that a platform’s first duty should be to deliver data sent by willing senders to willing recipients, as quickly and reliably as possible.

When we apply end-to-end to the internet itself, we call it “Net Neutrality”: the idea that your ISP should deliver the data to you asked for (a video from your preferred streaming service, say), not the data its investors wish you had asked for (a video from a rival streaming service owned by your ISP).

Like the internet itself, early social media was born neutral: the first social networks were simple conduits connecting users, so every user’s update was shown to that user’s followers. Gradually, these feeds were augmented with recommendation systems that  helped users prioritize otherwise excessive posts from the people they followed.

But as users were switched from a default of show-me-the-things-my-friends-posted to the default of show-me-the-things-you-think-I-should-see, a powerful temptation seized platform managers: to violate the implicit contract to deliver the things users requested, and then turn to the senders (publishers, performers, creators) and demand ransom money to reach their own followers.

Paying to “boost” content is now ubiquitous. It’s another way — along with gouging on ad commissions and mobile app payments —  that tech platforms misappropriate value generated by the news.

If social media platforms honored the end-to-end principle, this ransom would end. Social media users would see the things they asked to see and publishers would reach the audiences that asked to hear from them.

It's possible that we could see a law or regulation mandating end-to-end delivery for platforms, but we don't have to wait for a law. The platforms are incorrigble in their continuous violations of existing fraud, privacy, and competition laws. After years of successful delaying tactics, time has run out on the largest tech companies, which are now facing colossal fines for their bad behavior.

A fine on its own won't be enough to deter companies from breaking the rules. A fine is a price, and so long as the price is lower than the illicit profits it buys, companies will pay it. 

With fines climbing, companies are apt to begin suing for peace: offering settlements to end long, bruising fights. We think these settlements will offer a fine opportunity for regulators to craft service-specific end-to-end rules. 

Unlike other remedies — say, rules requiring platforms to curb harassment — an end-to-end rule is easy to administer. A no-harassment rule requires: agreement on the definition of harassment, agreement on whether a specific incident constitutes harassment, and a fact-intensive investigation of whether the platform had taken reasonable steps to prevent harassment. 

By contrast, if we suspect a platform isn't reliably delivering the messages it promised to deliver, we can just send test messages and see if they arrive. 

What's more, complying with an end-to-end rule doesn't require expensive engineering that would make the rule a barrier to entry for smaller, less abusive platforms. The default state of social media is delivery from senders to receivers: it's holding followers for ransom that requires extra engineering.

When tech was a competitive sector, most of the innovation was devoted to delivering more value to both end-users and publishers. Once tech became a concentrated industry dominated by bloated companies that had gorged themselves by buying up their smaller competitors, "innovation" shifted to finding new ways to misappropriate value from both users and business customers.

That's not so different from the story of telecoms itself. When telecoms curdled into a rent-seeking snarl, we built a better network, one that ran on end-to-end.

That same end-to-end principle will go a long way to unrigging social media platforms, too.

Download this whole series as a single PDF.

The question of when you can use a trademark is one we see all the time—and one that is often misunderstood. Many of the world’s largest and most powerful companies are  fanatical about their trademarks. But that means the public is often in the dark about how their First Amendment rights stack up to the censoring power of trademark rights. All of this came to a head in a case about a dog toy.

The U.S. Supreme Court issued a decision Thursday in Jack Daniel’s Properties v. VIP Products, a trademark case we weighed in on in an amicus brief. The main question before the Court was whether the Rogers test—a special test for trademark infringement that’s more protective of free expression—should be applied to VIP’s parody of Jack Daniel’s trademarks for a “Bad Spaniels” dog toy. Novelty dog toys aren’t exactly our usual focus at EFF, but this case was an important one because the Supreme Court had never ruled on whether the Rogers test is valid at all. Activists, artists, and regular internet users frequently use trademarks for expressive purposes, and the Rogers test provides important protection from legal threats.

The good news is that the Court didn’t reject the Rogers test, nor did it change the test itself. Instead, it ruled against VIP on narrower grounds, holding that Rogers’ heightened First Amendment protections didn’t apply because VIP was using “Bad Spaniels” as a trademark of its own—that is, to identify the source of the product.

As the Court explained, the defining characteristic of a trademark is that it signals the source of a good or service to consumers. For example, when you see the word “Oreo” on a package of cookies, you know those cookies came from the same company as every other pack of Oreo cookies. That makes “Oreo” a trademark. On that same package, you might also see the words “chocolate sandwich cookies.” That gives you some information about what’s inside, but it doesn’t tell you anything about who made the cookies—so that phrase is not functioning as a trademark. Trademark law rests on the assumption that knowing who made your cookies (or dog toy, or whiskey) helps you decide what to buy. The law regulates the use of trademarks so that consumers can confidently rely on their associations between trademark, source, and experience.

In the Court’s view, using someone else’s trademark (or a modified version of it) to designate the source of your own goods “falls within the heartland of trademark law” and therefore does not merit heightened First Amendment protection, even if you’re also using it to convey some other message. If you’re not using the trademark as a source identifier at all, though, the Rogers test may still apply to any infringement claim against you.

We’re relieved that the Rogers test remains mostly intact, and we’d like to think that our amicus brief on the social importance of expressive trademark uses and the Rogers test helped persuade the Court to keep its holding narrow. Still, we do have concerns about how the Court ruled.

One problem is that First Amendment interests may warrant heightened protection even for source identifiers when they’re attached to expressive works. As we explained in an amicus brief we filed in a Ninth Circuit case about a news outlet’s use of the name “Punchbowl News,” source-identifying terms may also be important components of a speaker’s expression. Moreover, the First Amendment stakes are always higher in trademark cases involving expressive works because a ruling can result in the elimination of information and ideas from the public sphere. The Ninth Circuit initially issued an opinion agreeing with us. But when the Supreme Court granted review in Jack Daniel’s, the Ninth Circuit put enforcement of its decision on hold pending the outcome of this case.

What’s worse, even non-source-identifying expression may be harmed if a court gets it wrong or if the burden of disputing this question chills lawful expression. In some cases, the challenged use will obviously not be acting as a source identifier and so the Jack Daniel’s decision will make no difference. Think of Andy Warhol’s paintings of Campbell’s soup cans: No one would ever think the inclusion of Campbell’s trademarks was meant to tell you who made the paintings. But there will be closer cases, too. For example, a t-shirt that has Nike’s “JUST DO IT” trademark under an image of the vaguely swoosh-shaped pipe from René Magritte’s painting “The Treachery of Images.” We think it’s obvious that the graphic is not functioning as a trademark. But this could look closer to how Nike uses its own marks, and courts are already more reluctant to apply the Rogers test in cases involving t-shirts or other mediums that they see as “commercial” rather than traditional art forms, even though the associated expression is no less valuable.

Finally, it’s troubling that the Court went directly from concluding that source-identifying trademark uses fall within trademark law’s “heartland” to concluding that no further First Amendment scrutiny was needed. That approach is in line with a frustrating trend in trademark and copyright cases to dispense with the traditional—and more protective—forms of First Amendment analysis applied to restrictions on speech in other areas of law. Congress’s own efforts to accommodate free speech concerns notwithstanding, statutory rights never trump Constitutional rights, and we’re disappointed that the Court did not evaluate the issues here accordingly.

As the Chinese government cracked down on online free expression over the last decade, blocking access to information, filtering content, surveilling users for social control, and unleashing malware disproportionately against its own people, there was one steady, anonymous voice on the internet speaking out against government censorship, calling for protests, and teaching netizens and activists how to protect themselves online.

It was a blog called Program Think, and its author’s identity was not known to the public. But their words touched many for their insightful political commentary, technical how-tos, frank discussion of the 1989 Tiananmen Square protests, and advocacy for free expression in China. As we mark the 34th anniversary of the protests this month, we are calling attention to Program Think, which for 12 years beginning in 2009 was the rare pro-democracy forum operating from within China, garnering tens of thousands of subscribers, all the while evading the internet police and keeping its author’s name secret—no easy feat. Even his wife didn’t know.

Today Ruan Xiaohuan, the blogger and cybersecurity expert behind Program Think, is in prison after being sentenced in February to seven years for alleged incitement to subvert the government. His situation was revealed in March by his wife Bei, who attended his sentencing hearing. She had not seen or heard from him since ten Chinese officers showed up at their home in Shanghai and took him in May 2021. He was tried in secret, his wife and family told little about his whereabouts or the charges against him. His name is banned on Chinese social media platforms.

Bei has hired two human rights attorneys to represent Ruan, 46, in an appeal, but Chinese authorities have blocked them and appointed two government lawyers. Meanwhile, Bei is speaking out to raise awareness about his case. “We will do what we can to make sure the second trial is fair and supervision by public opinion is one of the ways,” she told Vice.

Ruan is a target of an authoritarian regime that stamps out free expression and imprisons those who dare to speak out against the government. The Chinese government has repeatedly utilized the offense of "incitement to subvert the government" to target and imprison individuals involved in political activism, human rights advocacy, and expressing dissenting opinions.

China is not alone in this practice. Regrettably, countries around the world continue to abuse such crimes and numerous others to target their people. We have documented bloggers in the Middle East, Vietnam, Ethiopia, and elsewhere who, like Ruan, have been thrown in prison and given outrageous prison sentences or subjected to physical violence by authorities, echoing a disturbing pattern of persecution against dissenting voices. Courageous bloggers, journalists, and writers are treated like criminals for protecting and enhancing free expression and privacy.

This is a grave injustice. EFF joins free speech advocates around the world in calling for Ruan’s immediate release. States are obliged to uphold the right to free expression enshrined in Article 19 of the UN Universal Declaration of Human Rights. The UN Human Rights Council has affirmed that the same rights that people have offline must also be protected online, including the right to privacy and free expression. The right “to seek, receive and impart information” includes a right to devise and share tools that enable and protect those abilities.

Ruan’s journey to becoming one of China’s most well-known and courageous bloggers began amid a successful career as a cybersecurity expert. A college dropout with a passion for computer science, Ruan worked for cybersecurity companies, and later landed a government job as chief engineer for the information security system of the 2008 Beijing Summer Olympics. He continued his career in industry, but eventually decided to pursue open-source software development. He quit his job and started his blog in 2009.

At first, he focused his writing on software development. But that year was the 20th anniversary of the Tiananmen Square protests, and the government began blocking foreign websites, including the website that hosted his blog.

He found a way around the blockage, and published tutorials so his followers could continue seeing his posts. It was at that point that he began blogging about how to hide your online identity, how to circumvent China’s Great Firewall, and, increasingly, politics. As China clamped down even further, banning Western social media platforms and mandating censorship software on new computers, he wanted to speak out. “I don’t want to keep silent anymore, and I don’t want to avoid these issues anymore,” he blogged, according to an English translation. “It’s time to write something other than technology.”

Over the next 12 years, Program Think published over 700 posts about politics, security, and corruption, from building a database of hundreds of wealthy individuals and their ties to the Chinese Communist Party to “how to overcome the wall,” seemingly undetected or outwitting China’s internet police. In 2013 Program Think was nominated for the Deutsche Welle International Best of Blogs Award.

In prescient comments to Deutsche Welle, Ruan said two incidents—the suspicious death of a villager protesting a land grab to make way for the government-approved construction of a power plant, and pro-democracy protests where marchers were beaten and arrested—led him to call for public marches on his blog and focus on politics to raise awareness about China’s corrupt government. “At the time, blog posts calling on netizens to take to the  streets were in nature ‘inciting subversion of state power,’” he noted. “But I have been safe because I am more experienced in concealing identities.”

In explaining his decision to write about politics instead of just technology, he said everyone is touched by politics, even if they don’t realize it. “Many netizens have always had a misunderstanding, thinking that politics has nothing to do with their own lives…But everyone has to understand one thing: You don’t have to care about politics, but politics will care about you.”

Ruan urged people to speak out against injustice, putting himself at risk to inform, inspire, and motivate others to challenge attacks on freedom of expression. By silencing Ruan, imposing such a severe punishment, and denying him the ability to choose his own counsel to challenge his conviction, China’s playbook for stamping out criticism and free expression is on full display. We condemn this injustice and call for Ruan’s release.

EFF, the ACLU, the National Association of Criminal Defense Lawyers joined a coalition that sent two letters to the Senate Judiciary Committee to oppose S. 1080, the Cooper Davis Act. The letters point out the privacy, speech, and criminal justice problems with the bill.

The bill would require private messaging services, social media companies, and even cloud providers to report their users to the Drug Enforcement Administration (DEA) if they find out about certain illegal drug sales.

Even with the proposed amendments, S. 1080 would weaken an already insufficient privacy law and would provide a roadmap for more sweeping and overbroad carveouts. Its vague requirements and criminal penalties would result in companies over-reporting users to the DEA for innocent, protected speech. History shows it may also encourage companies to engage in dragnet scanning of user communications, which would result in even more errors and sweep up the same voices Congress is trying to protect.

Rather than addressing a pressing health crisis caused by fentanyl overdoses, this bill does an end run around the Fourth Amendment  by requesting user information from online services in the form of mandatory reporting and voluntary disclosures. This puts online services in the position to decide whether their users have engaged in a sale of or intent to sell illicit substances and then decide how much to report to the DEA. The bill also expressly undermines the already limited warrant or subpoena and notice requirements of the Stored Communications Act.  

The criminal legal system has always enforced drug crimes disproportionately in Black and Brown communities. This bill will result in the same disparate outcomes. Online services are not qualified to determine a user’s intent when they post photos, videos, or other communications to online services. People on online services often post things that are untrue or exaggerated in order to promote a persona — and as the DEA has observed, illegal activity is often transacted in coded communication  that is not easily decipherable. The inevitable result will be users having their personal information and private communications shared with the DEA by online services that lack the expertise and cultural competence to determine users’ intent — a fact demonstrated by the disproportionate impact of online services’ content moderation efforts on Black and transgender people.  Whether the determinations are made by algorithms or humans, disparate outcomes will mirror those in the larger criminal legal system.

Congress should be highly skeptical about giving law enforcement broad access to our conversations without judicial oversight. This bill contains no warrant requirement, no required notice, and limited user protections. Congress should vote No.

The other signers of EFF’s letter include:

• Advocacy for Principled Action in Government
• American Civil Liberties Union
• Center for Democracy & Technology
• Chamber of Progress
• Defending Rights & Dissent
• Fight for the Future
• Freedom of the Press Foundation
• Government Information Watch
• National Association of Criminal Defense Lawyers
• R Street Institute
• S.T.O.P. - Surveillance Technology Oversight Project

Other signers of ACLU and NACDL’s letter include:

• Advocacy For Principled Action In Government
• American Civil Liberties Union
• Center for Democracy & Technology
• Defending Rights & Dissent
• Due Process Institute 
• Government Information Watch
• Innocence Project
• Justice Strategies
• The Leadership Conference on Civil and Human Rights
• NAACP Legal Defense & Educational Fund, Inc.
• National Association of Criminal Defense Lawyers
• Organization for Identity & Cultural Development (OICD)
• Restore The Fourth
• Surveillance Technology Oversight Project

In a victory for transparency in police use of facial recognition, a New Jersey appellate court today ruled that state prosecutors—who charged a man for armed robbery after the technology showed he was a “possible match” for the suspect—must turn over to the defendant detailed information about the face scanning software used, including how it works, source code, and its error rate.

Calling facial recognition “a novel and untested technology,” the court in State of New Jersey v. Francisco Arteaga held that the defendant would be deprived of due process rights unless he could access the raw materials police used to identify him and test its reliability to build a defense. The inner workings of the facial recognition software is vital to impeach witnesses’ identification of him, challenge the state’s investigation, and create reasonable doubt, the court said.

The ruling is a clear win for justice, fairness, and transparency. Study after study shows that facial recognition algorithms are not always reliable, and that error rates spike significantly when involving faces of folks of color, especially Black women, as well as trans and nonbinary people. But despite heightened inaccuracy for members of vulnerable communities often targeted by the police, that hasn’t stopped law enforcement from widely adopting and using this unreliable tool to identify suspects in criminal investigations.

EFF, along with Electronic Privacy Information Center (EPIC) and the National Association of Criminal Defense Lawyers (NACDL), filed an amicus brief in this case on behalf of the defendant, arguing that the court should allow robust discovery regarding law enforcement’s use of facial recognition technology.

The court agreed. Information about the substantial risk of error in facial recognition technology (FRT) shown by the defendant’s expert witness and amici, including EFF, “provide us with convincing evidence of FRT's novelty, the human agency involved in generating images, and the fact FRT's veracity has not been tested or found reliable on an evidential basis by any New Jersey court,” the three-judge appellate panel said.

In Arteaga, a facial recognition search conducted by the New York Police Department for New Jersey police was used to determine that Arteaga was a match of the perpetrator in an armed robbery at a store in New Jersey.

Here’s how it worked. New Jersey detectives generated a still image of the suspect derived from surveillance camera footage. It was first analyzed by New Jersey investigators, who found no matches for the image in their face scan databases. The detectives then sent all surveillance footage to the facial recognition section of the New York Police Department Real Time Crime Center (RTCC). A center detective captured a still image from the footage, compared it against the center's databases, and offered Arteaga as a "possible match.” New Jersey detectives showed his image to two witnesses, who identified him as the robber.

Despite the centrality of the match to the case, nothing was disclosed to the defense about the algorithm that generated it, not even the name of the software used. Mr. Arteaga asked for detailed information of the search process, with an expert testifying the necessity of that material, but the trial court denied those requests.

Police should not be allowed to use “black box” technology developed by private software makers in criminal cases without scrutiny. It is impossible to know exactly how the software’s algorithms reach their conclusions without looking at their source code. Each algorithm is developed by different designers and trained using different datasets.

Defendants must be allowed to examine FRT in its entirety. And that includes the description of the entire process, databases of faces used, the source code of the software, and where human input is incorporated. Though human judgment is argued to cure algorithmic errors, in reality, humans are more likely to make the same kind of errors, thereby compounding the issue of bias and inaccuracy for the same demographic groups. This is why it should come as no surprise that facial recognition searches routinely result in wrongful arrests.

The court in Arteaga appreciated this, and ruled that under the “Brady rule,” which requires the government to provide all material evidence that might exculpate the defendant, Mr. Arteaga was entitled to information regarding the FRT used. The court soundly rejected the state’s argument that it was speculative whether the FRT information would be exculpatory. It reminded the prosecution that “[g]iven FRT's novelty, no one, including us, can reasonably conclude without the discovery whether the evidence is exculpatory"

Facial recognition is being used around the country to identify suspects, and we hope other courts recognize that the constitutionally protected right of due process demands that defendants be allowed to examine and question the reliability of this often faulty technology.

This is part four of an ongoing, five-part series. Part one, the introduction, is here. Part two, about breaking up ad-tech companies, is here. Part three, about banning surveillance ads, is here. Part five, about enshrining "end-to-end" delivery on social media, is here. Download this whole series as a single PDF.

When Steve Jobs unveiled the iPad in 2010, he didn’t just usher in a new kind of computing device - the first mainstream touchscreen tablet - he also promised a new model for internet-based publishing: paid subscriptions.

Jobs railed against the world of advertising-supported web publishing, correctly identifying it as the pretense for the creation of a vast, dangerous unaccountable surveillance system that  the private sector would build, but which cops and spies enjoyed unfettered, warrantless access to.

Jobs promised a better internet: he promised publishers that if they expended the capital to build apps for his new tablets, that he would free them from the increasingly concentrated and aggressive surveillance advertising sector. Instead of paying for journalism with ads, Jobs promised that publishers would be able to sign up subscribers who’d pay cash money, breaking the uneasy coalition between surveillance and journalism.

Publishers piled in, spending billions in aggregate to fill Apple’s App Store with apps that let readers pay directly for the news. Readers followed - not in the numbers that Jobs had alluded to, and not for every publisher, but for many publishers, apps were a lifeline.

Apple’s App Store started off with a pretty straightforward proposition: when publishers sold an app to readers, Apple would process the transaction and take a 30 percent cut. After that, publishers could use any payment processor they wanted - including Apple - to handle future purchases, such as per-article fees, recurring subscriptions, or other transactions.

But as the iPad - and other devices that tapped into the App Store, the iPhone and iPod - grew in prominence and became more structurally important to publishers’ businesses, Apple altered the deal. 

In 2011, Apple announced that every in-app transaction had to be processed by Apple, and that Apple would take a 30 percent commission on all revenues generated by every app user. To ensure that publishers didn’t do an end-run around this new deal, Apple banned apps from directing users to the web to process payments.

Google Play, the Android app store, has nearly identical policies. Nominally, users can install third party app stores on their Android phones, but in practice, Google uses a variety of commercial, technical and psychological tricks to prevent this.

The net result of this is that 30 percent of every in-app subscription or micropayment dollar is siphoned off by either Google or Apple. In a world where large merchants can get their payments processed for 2-3 percent, that is a massive cash-grab. 

The fact that Apple and Google charge 1,000% more to process transactions than other payment processors tells us that they do not fear outside competition. The fact that they both charge many publishers the same outrageous commissions tells us that they don’t compete with each other, either.

Competition in mobile app stores would open up competition for mobile payments, and that would drive prices down to the industry norm of 2-3 percent. That means that every news organization that receives subscription payments through an app would see an increase of 25 percent or more for each and every one of those payments (and news companies that don’t accept mobile payments at all because of the high fees could start).

The EU is well on its way to making this a reality. The new Digital Markets Act requires mobile companies to offer simple, secure access to rival app stores. In the USA, the Open App Markets Act, a Senate bill introduced in the last session, would do the same.

The app store duopoly claims that opening up app stores would necessarily expose users to security risks. This is not true: a thoughtful, careful approach could maintain app store security while liberating the news - and every other app-based business - from the 30 percent commissions claimed by the tech giants.

Download this whole series as a single PDF.

Catch up on the latest news in the digital rights movement with our EFFector newsletter! Our latest issue is out now, and it is jam packed with updates, from decisions made by the Supreme court on Section 230 and fair use cases, to EFF's investigation into California police agencies sharing drivers' location data with law enforcement agencies in other states. You can read the full newsletter here, or listen to the audio version below!

Listen on YouTube

EFFector 35.7 - EFF at RightsCon 2023

Make sure you never miss an issue by signing up by email to receive EFFector as soon as it's posted! Since 1990 EFF has published EFFector to help keep readers on the bleeding edge of their digital rights. We know that the intersection of technology, civil liberties, human rights, and the law can be complicated, so EFFector is a great way to stay on top of things. The newsletter is chock full of links to updates, announcements, blog posts, and other stories to help keep readers—and listeners—up to date on the movement to protect online privacy and free expression. 

Thank you to the supporters around the world who make our work possible! If you're not a member yet, join EFF today to help us fight for a brighter digital future.

The U.S. Patent Office has proposed new rules about who can challenge wrongly granted patents. If the rules become official, they will offer new protections to patent trolls. Challenging patents will become far more onerous, and impossible for some. The new rules could stop organizations like EFF, which used this process to fight the Personal Audio “podcasting patent,” from filing patent challenges altogether. 

If you have a personal experience with patent troll attacks, please mention it. Comments are not anonymous and you should use your real name. 

TAKE ACTION

Tell USPTO To Work For the Public, Not Patent Trolls

We need EFF supporters to speak out against this proposal, which is a gift for patent trolls. We’re asking supporters who care about a fair patent system to file comments using the federal government’s public comment system. Your comments don’t need to be long, or use fancy legalese. The important thing is that everyday users and creators of technology get a chance to state their opposition to these rules.

Below this paragraph you can see a simple proposed comment you can cut-and-paste to express your opposition to the rules. It's even better if you add one sentence or more to the comment, especially if you can mention your own experience with the patent system. Of course, you can also write your own original comment. 

Sample comment: 

I am opposed to the USPTO’s proposed rules changes for inter partes review (IPR) and other patent challenges. These proposed rules should be withdrawn, and the IPR process should remain open to all. The USPTO should follow the rules Congress set out, and consider all patent challenges, including IPR petitions, on their merits. 

The Patent Trial and Appeal Board, or PTAB, is one of the only places in the nation where patent trolls can be held to account for the outrageous and harmful claims they make in their patents. Congress created the “inter partes review” (IPR) process, which is overseen by specialized PTAB judges, more than a decade ago. “Inter partes” simply means “between the parties,” and the IPR process allows members of the public to challenge patents that never should have been granted in the first place. 

The IPR process is one of two main ways to challenge patents, along with challenging them in district court. The big difference is that the IPR process, while not simple or cheap, is much faster and cheaper than going to trial in federal court. Invalidating a patent in court can cost millions of dollars, while even a complicated IPR process costs a fraction of that. 

Through IPR, thousands of patents have been thrown out. The patent challengers who have kicked out some of these wrongly-granted monopolies have protected not just themselves, but countless other hobbyists, software developers, small businesses, and nonprofits, who could no longer be threatened with some of the worst patents to slip through the cracks. 

• A patent troll called WordLogic tried to shake down Wikipedia for $30,000. Once PTAB gave its initial ruling—that WordLogic’s patent was likely invalid—WordLogic got smart and settled the case. The lawsuits WordLogic was pushing against Wikipedia, and many other organizations, were dropped. 
• A patent troll called SportBrain Holdings sued more than 80 companies on a patent they said covered getting user data, then sharing it over a network and providing feedback. The patent did not hold up to serious analysis. When a panel of PTAB judges looked at it, they canceled all claims. SportBrain was challenged by Unified Patents, a membership-based for-profit company that will be explicitly banned if the USPTO enacts these troll-friendly rules. 
• Shipping and Transit LLC (formerly Arrivalstar) filed for bankruptcy in 2018 after more than a decade of litigation and 500 patent lawsuits. Shipping and Transit sued a vast array of retailers and shippers, claiming its patents covered almost any type of delivery notification. In its court filings, it valued its own portfolio of 34 U.S. patents at $1. IPR filings against Shipping and Transit, together with court fee orders, were a critical part of ending this onslaught against small business. 

The IPR process hasn’t eliminated patent trolling. But it’s been so effective that patent trolls and their pro-patent protectors absolutely hate the process. That’s why they are pushed so hard for these proposed rules, and are celebrating their arrival. 

USPTO Director Kathi Vidal has already tried to walk back responsibility for these rules. She said in Congress last month that the rules “giving stakeholders a chance to shape the rules.” But the only “stakeholders” who seem to have had a hand here are patent trolls and large patent-holders.

Many patent trolls would be exempt from IPRs altogether. The USPTO would prohibit anyone from challenging the patents of “small entities” and “under-resourced inventors.” But it’s trivially easy for even the most litigious patent trolls to portray themselves as “small inventors.” It happens all the time, and the USPTO rules buy into this sham. Many “inventors” are patent attorneys who have learned to game the system; they haven’t invented anything other than patents. Patent trolls that have sued hundreds of small businesses, and even public transportation systems, including Shipping and Transit LLC and various Leigh Rothschild entities, have claimed to be “inventor owned” businesses. 

If these rules were in force, it’s not clear that EFF would have been able to protect the podcasting community by fighting, and ultimately winning, a patent challenge against Personal Audio LLC. Personal Audio claimed to be an inventor-owned company that was ready to charge patent royalties against podcasters large and small. EFF crowd-funded a patent challenge and took out the Personal Audio patent after a 5-year legal battle (that included a full IPR process and multiple appeals). 

TAKE ACTION

We have a right to fight back against patent trolling

The rules create an upside-down world in which people who work to challenge patents are treated as the abusers of the system, rather than the patent trolls they’re up against. For instance, the rules would punish groups that file “serial petitions” or “parallel petitions” by simply denying them access to the PTAB. It also creates new rules denying petitions “to ensure that certain for-profit entities do not use the [] processes in ways that do not advance the mission and vision of the Office to promote innovation.” 

But it’s the patent office’s own wrongly granted patents—each one a 20-year government-granted monopoly—that often inhibit innovation. USPTO patents have allowed business models like Lodsys, the company that sent out hundreds of threats to small app developers demanding royalties for using basic, off-the-shelf in-app payment systems. The office has done nothing to rein in patent trolls; but now that there’s a system that can occasionally challenge them. 

This is wrong. It’s in the public interest to challenge patents and test which ones are wrongly granted. All properly timed and filed patent challenges should be heard on the merits, whether they are filed by for-profits, non-profits, large entities or individuals. That’s what Congress envisioned when it created the patent challenge process. 

The IPR process was created by Congress in 2013 to resolve certain patent disputes more quickly and efficiently than courts could. When evidence is presented that there is “prior art,” or previously existing technology, that should have prevented the patent from issuing, the IPR process allows for a relatively quick quasi-judicial process that can result in patent claims being revoked. 

The IPR process was created after a long debate by elected representatives. If Congress wants to change the system, they’re able to do so. But USPTO officials must not be allowed to cripple patent challenges from the inside. 

As USPTO’s own statistics point out, it’s actually a tiny sliver of “live” patents that are even challenged, much less invalidated. In the last fiscal year, the USPTO partly invalidated 350 patents. Compare that to the 300,000 patent grants USPTO is handing out every year. 

The U.S. patent system remains wildly imbalanced—in favor of patent owners, not patent challengers. These proposed rules show that USPTO has it backwards. Please join us and speak out through the public comment process. No one should tolerate a patent troll takeover at PTAB.  

TAKE ACTION

Tell USPTO To Work For the Public, Not Patent Trolls