California Governor Newsom's Broadband Plan Lays Important Foundation and Opens Possibilities

3 months 1 week ago

On August 14, 2020, Governor Gavin Newsom issued an executive order to establish a state goal of 100 mbps download speeds for all Californians, citing the 2 million Californians who lack access to high-speed broadband today. This announcement is significant, as it firmly illustrates that the state of California believes the federal definition of broadband is no longer sufficient to estimate modern needs.  It is completely right in doing so. The federal definition of broadband lost its relevance long ago,  and it is both useless and harmful as a means to measure equality of access.

While the governor acknowledged that a 100 mbps download speed does not deliver speeds synonymous with fiber networks, the emphasis on high-speed access holds a lot of overlap with fiber infrastructure. Inherently, any network delivering these types of speeds requires fiber to some degree. If done right, Governor Newsom’s broadband plan could be the stepping stone towards universal fiber that all communities need to embrace to compete in the gigabit era that 21st-century economies are entering.

Any Infrastructure Plan Pushing 100 mpbs To All Californians Needs To Have Fiber at Its Core

Fiber is the universal medium of 21st-century broadband access. EFF’s engineering analysis found that fiber is vastly superior to copper, cable, and wireless last mile options in terms of upper capacity and its future-proofed characteristics. This is why China, the other advanced Asia markets, and the EU have adopted universal fiber infrastructure plans as government policy. And while the United States desperately needs to play catch up, the House of Representatives recently passed a plan that would effectively deliver a fiber connection to every American household—showing a growing awareness of the need to build the infrastructure.

As the legislature and executive branch in California begin to formulate a strategy to deliver 100 mbps download speeds to all Californians, they must avoid efforts to preserve the existence of last century’s legacy providers. There is no future in the copper infrastructure for broadband, in the long run, as major telecommunications companies such as Frontier Communications enter bankruptcy for being too copper-heavy. (And now they want to transition to fiber). Wall Street analysts are warning private investors away from telecommunications providers that aren’t investing into fiber today, and the state should follow suit for good reason. Speed-capped networks dependent on legacy infrastructure are rapidly approaching obsolescence. They will cost the state more in the long run, as compared  to simply focusing on pushing out fiber as the goal.

If the Governor’s plan results in a systemic approach to push even a single fiber-optic wire deep into unserved markets, it will be transformative for the California economy—so long as access to that wire is open for follow on users. A single fiber wire can be leveraged by future efforts to extend those fiber wires to homes and businesses, while enabling high-speed wireless services sooner as an interim step.

To give an example, look no further than the story of Dillon Beach, CA. There, 400 residents lacked high-speed access a handful of years ago. But today, they have access to 250 mbps/150 mbps wireless broadband at $50 a month. This happened because a parent who needed to get high-speed Internet to their home for their child’s schoolwork paid AT&T $12,000 to allow him to string one fiber line to his garage. The capacity from  a single wire allowed him to launch a startup ISP with off-the-shelf hardware to deliver high-speed broadband to the broader community.

This type of enabling force makes fiber a critical infrastructure to push to all communities. It is the road towards the 21st-century Internet. And EFF will work to ensure policymakers in Sacramento do not lose track of the end goal of getting everyone on equal 21st-century ready broadband connections.

Ernesto Falcon

Civil Rights and First Amendment Defenders Urge First Circuit to Require a Warrant for Border Device Searches

3 months 1 week ago

Last month, EFF, along with co-counsel ACLU and ACLU of Massachusetts, filed a brief in Alasaad v. Wolf urging the U.S. Court of Appeals for the First Circuit to require a warrant for searches of electronic devices at the border. In fiscal year 2019, border officers searched over 40,000 electronic devices, more than an eight-fold increase since 2012. Because of the significant privacy interests that travelers have in the digital data on their devices, we argued that the government’s warrantless, and usually suspicionless, searches and seizures of electronic devices violate the First and Fourth Amendments to the U.S. Constitution.

Seven amicus briefs were filed in support of our position:

  • Advancing Justice - Asian Law Caucus and law firm WilmerHale, on behalf of 24 civil rights organizations including the Council on American Islamic Relations, the Center for Constitutional Rights, and the CLEAR Project, filed an amicus brief highlighting how the government’s border search policies disparately target members of the Arab, Middle Eastern, Muslim, and South Asian communities, and that a warrant standard can help curtail discriminatory profiling.
  • The Constitutional Accountability Center filed an amicus brief discussing how the Fourth Amendment’s protection of personal papers from searches requires border officers to obtain a warrant or, at minimum, have reasonable suspicion before search.
  • The Yale Media Freedom and Information Access Clinic and law firm Brown Rudnick, on behalf of 18 First Amendment legal scholars, filed an amicus brief focusing on the privacy dimension of free expression and explained that the First Amendment requires a warrant for border searches of electronic devices.
  • The Harvard Cyberlaw Clinic, on behalf of the Harvard Immigration and Refugee Clinic, filed an amicus brief arguing that border device searches have profound chilling effects on free speech, which unduly impacts immigrant communities.
  • The Knight First Amendment Institute at Columbia University, the Reporters Committee for Freedom of the Press, and 12 media organizations filed an amicus brief that underscored the implications of electronic device searches at the border on the rights of journalists, and argued that a warrant is necessary under the First and Fourth Amendments.
  • The National Association of Criminal Defense Lawyers filed an amicus brief highlighting the impact of border device searches on criminal defense attorneys who often carry sensitive information relating to clients, and argued that a warrant is necessary under the Fourth and Sixth Amendments.
  • Law firm Covington & Burling, on behalf of the Center for Democracy and Technology, Brennan Center for Justice, R Street Institute, and TechFreedom, filed an amicus brief focusing on the intrusiveness of so-called “basic” searches and argued that the Fourth Amendment requires a warrant, or at least reasonable suspicion, for border searches of electronic devices.

EFF, ACLU, and ACLU of Massachusetts originally filed this lawsuit in September 2017 on behalf of 11 travelers, 10 U.S. citizens and one permanent resident, who have all suffered warrantless, suspicionless device searches due to the government’s policies.

In November 2019, the district court ruled that border officers must have reasonable suspicion that a device contains digital contraband for any search of the device’s digital content. As part of this ruling, the district court concluded that wholly suspicionless device searches at the border are unconstitutional. The government appealed on this issue, and we cross-appealed on the issue of whether border device searches actually require a warrant.

We are proud to see a diverse array of organizations and individuals who have filed briefs to support a warrant standard for border searches of electronic devices. We anticipate that the First Circuit will hear our case later this year or in early 2021.

Related Cases: Alasaad v. McAleenan
Saira Hussain

Future Ada: Tech Organizing Through an Intersectional Lens

3 months 1 week ago

Ada Lovelace's work on the first analytical engine helped lay the path for our modern world and continues to serve as an inspiration to people worldwide, including Electronic Frontier Alliance member Future Ada.

Based in Spokane, WA, Future Ada was founded in 2017 to advance opportunities and support for underrepresented genders in science, technology, engineering, art, and mathematics. That same year, Forbes noted that closing the gender gap could increase U.S. Gross Domestic Product by two trillion dollars, yet work environments in many of these fields are so hostile to women that over fifty-percent will leave the sector as a result.

"Just because you're not a master at your skill or you don't have something published in your name, doesn't mean you can't bring something to your field."

Since their launch, Future Ada has grown into the understanding that establishing a genuinely representative sector requires an intersectional approach, and that creating inclusive spaces, where individuals from all diverse backgrounds want to be, is key to that mission. In the days leading up to our recent collaboration on panels at this year's HOPE and DEF CON conferences, I spoke with Rebecca Long and Emilie St-Pierre—respectively Future Ada's founder and Security Ambassador—to find out what they've learned since the group’s founding, and how they have adapted to the needs of their community and this unprecedented moment.

How did the idea for Future Ada come about? What inspired it and what were some of the first steps you took toward making it a real thing?

In 2017, I was really struggling with my career. As a woman in tech, I was dealing with some discrimination and sexism in my own career, and I wasn't feeling supported by the leadership in my company. Honestly, I was feeling like I should quit all of tech. I felt like, ‘nobody wants me here, I don't feel welcome, and the messages that I'm getting are that I am not good enough to be here—and no one wants to help me improve to meet whatever mysterious gap that no one will disclose, then maybe I should just go do something else.’ Thankfully, I ended up going to a conference called Write/Speak/Code that happened to be nearby in Portland that year. I went with another woman on my team who's a developer. At this woman- and non-binary-specific tech conference, they had everyone divide up into two groups. One was for the people who were newer in their careers, and one who was for people who were further along. I ended up in that [second] group.

Throughout the week, we had to come up with projects and talk about them. At first, I didn’t know what to do. Then I got a text message from an old boss—also a woman—and she was expressing the same feelings. That’s when I got mad. I felt like, ‘maybe I don't belong here, but I'm sorry, I know for a fact that you belong here because you're awesome.’ I thought, what kind of nonsense is this that we're both feeling like we're being driven out of tech? I have a ton of experience—over a decade of experience at that point—and she had even more than me. I felt, ‘we're well trained and we have every right to be here.’ So, I channeled that into this project at the conference. I decided I was going to create a nonprofit.

I was already running a user group called Spokane Geek Girls and active in the community. I had already been feeling like there was more I wanted to do to help people that were coming to me for mentoring, and help, and feeling similar to me. I had this idea of a nonprofit that would be what I’d need. But, I also felt like ‘no, I don't know how to do that. I have no idea how to start a non-profit or run an organization. That's just a ridiculous idea.’ But it was at this conference I decided, nope, that's not a ridiculous idea. This is really important and I'm going to find out how to do it. So, I bothered all of the organizers of this conference to tell me everything they knew. How do I do this?

I made some friends and they helped me develop our original mission statement and our name. They were all wonderful soundboards for me. There hadn’t been anything like this in Spokane. I just tried to channel all of my anger at the industry for lack of support and all that I'd been experiencing. I thought ‘we need to do better. We need to channel that into positive energy, and I want to help other people.’ It helps me to help other people and I know other people are in similar states. Maybe they don't feel comfortable speaking up, or maybe they just haven't woken up to what's going on around them. Maybe they don't understand why they're never getting that promotion or why they're not getting these career opportunities.

It sounds like maybe that conference was an awakening moment for you in the way that you and other women were experiencing Imposter Syndrome. Are there any tools or strategies that you've been able to use that help women identify that that's what they're feeling and overcome that?

Every speaker—and these are folks who are accomplished, wrote books, high-level management—and they're like ‘I also feel this way.’ And it was just like, ‘what!?” That's incredible. At some level, I'd always known that. But I think hearing it, and hearing it again, and hearing everyone share their stories, that was most powerful for me. Because you feel that you aren’t good enough right now, that doesn't mean that you actually aren't good enough. It's a facade that society or various things are trying to tell you and convince you of.

Hearing other people, who are very successful, talk about that kind of stuff, and share their stories and how they work through it—even if it's ‘I just powered through,’ that’s been really helpful for me.

I try and speak about this stuff and be open with my own experiences with people, and help others know that it's okay if you are also feeling this way. That doesn't mean that you have to stop. That doesn't mean that you don't belong here. It doesn't mean that you don't deserve a promotion or that nice salary or whatever your dream job is. You can still make an impact.

In the last few years, I’ve been picking up the storytelling mantra as a tool. I want to highlight other people's stories and give people a platform, so they feel safe to talk to me about their story and I can share, with them, my story.

One of the other things that, thankfully, Emilie was able to bring was an emphasis on security.  Security has always been a passion of mine but it's always been on the side, because it's not really my main job. So, I've been really happy Emilie's been able to help bring some of that to our organization with our open office hours and with our security workshops. To really make these things approachable for the whole community. We want everyone to feel like technology and all of these things are safe, and you can do it. You don't have to be some math genius to do any of this stuff.

Emilie, have you had any experiences with Imposter Syndrome or starting to buy into folks devaluing your work or your contribution?

Yeah, fully. To this day it comes and goes. I have to say, sometimes it’ll come back in moments where I'm going through something hard at work. But I definitely had Imposter Syndrome when I was new to the security industry. I'd hang out at conferences like DEF CON when I was still new. I was learning a lot, but even though I had some skills, I constantly compared myself to the security researchers that had found vulnerabilities. These people that were presenting at these conferences, I was like ‘well, I don't have something like that to bring to the table’ so I just figured I wouldn't belong. But just because you're not a master at your skill or you don't have something published in your name, doesn't mean you can't bring something to your field. I think it took me a while to realize that. Later on, training people that were new to the field helped me realize that. ‘Oh, I can easily tell this person what they can bring to the field so why is it harder to say that to myself?’ I've gotten better with that over time, but it's very relatable.

The name Future Ada, I imagine it's an ode to Ada Lovelace, but can you talk a little bit about how you arrived at that name?

Yeah, it is totally in honor of Ada Lovelace. I find her very inspiring. Our whole computer industry is thanks to her. We have a tendency—over history—to erase certain people from their contributions. She was one of them. Having her as part of our name, I get to talk about her. I can say, ‘hey did you know that computer science, the whole reason we have technology, is thanks to a woman? Did you know that?’ That's been really awesome.

I want our organization to help create future Ada Lovelaces. Ada Lovelaces of today, of tomorrow, of the next day. Our next generation. Where we're inspiring folks to go out there and break those molds. Because she definitely broke molds back in her day. That's what we need to be doing. That's how you get really awesome things and you can change the world. That's what we were going for when I came up with the name.

How did you find Future Ada, Emilie?

Thanks to the Diana Initiative, which is a small conference that tags alongside others during hacker summer camp. So, DEF CON, Blackhat, and B-Sides Las Vegas. I had just moved to Spokane, and I had already been doing these workshops over in Las Vegas about security and privacy, and had been hosting crypto parties, and I wanted that to continue in Spokane. But, Spokane is different. There wasn't a hackerspace that was open weekly. So, I just focused on seeing what I could do with other folks. When I saw that Rebecca was speaking at the Diana Initiative and it said she was from Spokane, I was so excited. I went to see her talk, and then after the talk let her know I was also from Spokane and that I’d love to do something together. I told her that I’d been doing these workshops and was looking to bring them. She was super receptive and very welcoming. Since then we’ve been doing these workshops. Learning as we go along. Now we get to offer them online, which is really cool. So, yeah, it's been fun to see our partnership grow and where we took it from there.

What are some of the biggest challenges that you faced creating the group and finding the right people?

Maybe I shouldn't have been surprised, but I was surprised that I had people coming to me. I was trying to keep it kind of on the D.L. that I was doing this until I had it really formulated, but word started getting out, and people were saying ‘I want in on this,’ ‘I want to be on your board,’ ‘let me help you.’ That was really inspiring.

Challenges? I'm not a marketing person, that's not my specialty. We don't really have anyone on our board that's a marketing expert. So we learned a lot on that end. I feel like we're learning a lot by doing things wrong. Not wrong, but not very effectively. We think ‘this will work great’. And it works, sort of, but we want to have a bigger reach. Learning more marketing will help us on that front but that takes time. It is a challenge.

We want to be really careful with what we do. We want to make sure that when we expand our board, that we're bringing in the right people. That we’re really mindful about that. We’re also aware of our 100% white board. As we work to expand our board, and organization leadership, we are being mindful to diversify ourselves and bring in better racial perspectives. We are working as an organization to learn how to grow and best speak on the topic of race and injustice. It's a process and it's important so we aren't shying away from it.

Are there any other challenges that you didn't anticipate?

Creating the workshops and letting people know that we are available to help them. We spend time creating these workshops. We spend the time to get volunteers to come to workshops and be there to help folks. I thought our biggest challenge would have been managing the demand, because we literally offer free tech support—and privacy and security support—but it's actually been very easy to do that. We have open hours for folks that we want to help, but we're obviously not reaching as far as we can. For me, marketing is like an alien planet. My background is really privacy and security. I think that's the challenge I've never faced before. And definitely the hardest one from my end.

We've had some really successful programs. We ran March for Science last year in Spokane. It was great. It was kind of a last minute thing. We came in to help as the new parent organization, and it was super successful. We had a huge turnout but that was one event. A one-day thing. And, then we've had other one-day events that have been really successful. But then our recurring workshops aren’t even an hour and we have low turnout. We haven't unlocked that piece yet.

Since moving online because of the pandemic, we've seen higher participation in our workshops, and I feel like we're going to have higher participation across the board. So, we're working to transition everything. Next year when we restart some of our year-long programs, they'll be online or a majority online. Maybe part of our problem is that Spokane is a little different and folks have different priorities, but attending something from home, where they don't have to worry about travel or parking, I think that kind of helps avoid it and it's less of a dent in their day. I'm really hopeful that this actually can be a really positive thing for our organization. and that it also expands our reach outside of Spokane. Anyone can participate. Which is really cool because it helps broaden our reach.

Are there any other partnerships in your area that you’ve found to be effective partnerships?

Emilie’s been working with Volunteers of America.

Yes. With Crosswalk. We teach teenagers about privacy and security. Online privacy and security. We've even done some introductory cryptography stuff. I'm very big on making sure that it's something fun. It’s a puzzle. We actually use some of EFF’s crypto tools for that. At the end of the workshop I told our participants ‘did you know that crypto is math and you just did math?’ They thought it was really fun and really cool. For kids that are maybe told that they're not good at math, or are uncomfortable with the idea of math, after that they realize that there's all sorts of ways to look at math. That's a big partnership for us.

There's another nonprofit in Spokane, that is more of a general tech nonprofit called Inland Northwest Technologists (INT). Our original Vice President came from that organization. He had brought to Spokane, with INT, this event called Code in the Dark. The last two times that event has been held in Spokane, it's been a partnership between that organization and ours. We bring in more of a diversity, and really work to help and make sure it’s an inclusive space. The first few years they ran it, it was nearly all men that were participating. Only men were in the top three winners. October of last year, the last time we held it, was the first time we had a woman win the competition. It was amazing.

We have been trying to work with the YWCA in Spokane, to help bring some of these security principles and privacy principles to their domestic violence survivors. Emily and I are very passionate about that and we want to be supporting this group of our community. We know the YWCA has been very busy. Just in general. So getting the momentum to really get that partnership off the ground has been a little slow. We're still hopeful. We're not going to give up on it anytime soon.

We are already available for service for survivors. When we have our open office hours on Saturdays we are ready to accept survivors. We have a clinical approach to detect compromise. So, we can accept anyone that is in that situation and help them navigate their technology or help them navigate compromises or any kind of stalkerware, spyware. We are ready to do that already.

I think switching to online has been wonderful for certain aspects of what we offer. The workshops are available to a larger population, and more accessible in some ways. My only concern is office hours. We would typically do them downtown at the Spokane Library. This also gave us the opportunity to help homeless folks. We had a few people come in that don't have a computer at home. Don't have a home. How do you make sure that you're helping that population? So that’s something that, when things start to open up, we'll definitely want to make sure that we're not overlooking certain segments of the population that we might be able to help. We said we're going to focus on being very online but not 100% online, because we don't want to miss those folks that we might be able to better serve that way.

No two communities are exactly the same. That’s one of the reasons it’s so critical to have groups like Future Ada that are rooted in and can adapt to the needs of their city or town. What are you finding are the core needs of your community? Is it different from what your original expectations were?

My original intention was really limited. The organization was focused on gender diversity. I thought we would just focus in on that. What I've found is you can't really solve that problem without taking an intersectional approach. If you care about women in tech, then great, you're gonna need to have an inclusive environment. Hey, you know what? That also helps all these other people. So, really, focusing on shifting our mindset to be inclusive and approachable really helps everybody. That's been kind of a shift for me that I guess I was a little surprised with, but I'm really happy that we've made this turn. I'm also learning how many people in our community could use more basic support. Not necessarily learning how to program, but ‘how do I fix this on my browser?’ Really turning folks from being afraid of technology to helping them feel that they can do this. That's been a little surprising to me, but I'm really happy that that's something that we can help with. Wherever the community is, that's where we want to be to help lift everybody up.

What is Future Ada’s decision-making process like? What are the voices that are involved? How do you work together to come to a shared path?

We have different committees. Anything security or privacy related, Emilie is in charge of that. So, anything she says we're probably just gonna back it. We have our career mentoring committee. One of our other board members is responsible for that. It’s the same thing, whoever is responsible for a committee we've entrusted them with leading that and reporting back anything that seems more pivotal or in need of a larger decision. But, generally speaking we meet once a month as a board, and we discuss things on a regular basis. I think we're all pretty much in alignment. We're also still a really small group, board wise, and our committees are still pretty small. Once we get bigger we're gonna need a more formal process, but at the moment we're all pretty well in sync, I think. Emilie, what do you think?

I was smiling when nash asked that question, because I was like ‘how do we come to decisions?’ Well, first we share all of our cats and cat videos during our meeting. And once we've done that, then we start really having these discussions. But what I like is that everyone is very very receptive and generally considers everyone's point of view and opinion really well. It's been a really nice dynamic, and I think it has a lot to do with, you know, starting the meeting off with cat memes and showing off our real cats, if we can. It makes a big difference.

Future Ada’s work to lift up and support Spokane women in STEAM has extended far beyond their local area, while still being focused on the needs of their own community. As members of the Electronic Frontier Alliance they have been instrumental in contributing to the development of related work for allied groups throughout the U.S.

If you are a member of a community or student-led group in your area working to protect digital security, free expression, privacy, creativity and access to knowledge, consider joining the Electronic Frontier Alliance.

Nathan Sheard

Article 17: Germany Shows Creativity, but EFF Wants More

3 months 1 week ago

The implementation of Art 17 (formerly Article 13) into national laws will have a profound effect on what users can say and share online. The controversial rule, part of the EU’s copyright directive approved last year, has the potential to turn tech companies and online services operators into copyright police. It is now up to national Member States to implement the directive and to ensure that user rights and freedom of speech is giving priority over notoriously inaccurate filtering and harmful monitoring of user content.

The initial forays into transposition were catastrophic. Both France and the Netherlands have failed to present a balanced copyright implementation proposal. Now, the Germany government presented launched a public consultation on a draft bill to implement the EU copyright directive. The draft takes a step in the right direction. Options for users to pre-flag uploads as "authorized" and exceptions for every day uses are a clear added value from a user perspective. However, in its current shape, the draft fails to adequately protect user rights and freedom of expression. It seems inevitable that service providers will use content recognition technologies to monitor all user uploads and privacy rights are not considered at all. 

We have therefore recently submitted comments to the German government with recommendations of how to improve the current version. Our message is clear: have the interest of users and freedom of speech in mind rather than solidifying the dominance of big tech platforms that already exist.


Christoph Schmon

An Open Letter to the Government of South Africa on the Need to Protect Human Rights in Copyright

3 months 1 week ago

Five years ago, South Africa embarked upon a long-overdue overhaul of its copyright system, and, as part of that process, the country incorporated some of the best elements of both U.S. and European copyright.

From the U.S.A., South Africa imported the flexible idea of fair use -- a set of tests for when it's okay to use others' copyrighted work without permission. From the E.U., South Africa imported the idea of specific, enumerated exemptions for libraries, galleries, archives, museums, and researchers.

Both systems are important for preserving core human rights, including free expression, privacy, education, and access to knowledge; as well as important cultural and economic priorities such as the ability to build U.S.- and European-style industries that rely on flexibilities in copyright.

Taken together, the two systems are even better: the European system of enumerated exemptions gives a bedrock of certainty on which South Africans can stand, knowing for sure that they are legally permitted to make those uses. The U.S. system, meanwhile, future-proofs these exemptions by giving courts a framework with which to evaluate new uses involving technologies and practices that do not yet exist.

But as important as these systems are, and as effective as they'd be in combination, powerful rightsholder lobbies insisted that they should not be incorporated in South African law. Incredibly, the U.S. Trade Representative objected to elements of the South African law that were nearly identical to U.S. copyright, arguing that the freedoms Americans take for granted should not be enjoyed by South Africans.

Last week, South African President Cyril Ramaphosa alarmed human rights N.G.O.s and the digital rights community when he returned the draft copyright law to Parliament, striking out both the E.U.- and U.S.-style limitations and exceptions, arguing that they violated South Africa's international obligations under the Berne Convention, which is incorporated into other agreements such as the WTO's TRIPS Agreement and the WIPO Copyright Treaty.

President Ramaphosa has been misinformed. The copyright limitations and exceptions under consideration in South Africa are both lawful under international treaties and important to the human rights, cultural freedom, economic development, national sovereignty and self-determination of the South African nation, the South African people, and South African industry.

Today, EFF sent an open letter to The Honourable Ms. Thabi Modise, Speaker of South Africa's National Assembly; His Excellency Mr. Cyril Ramaphosa, President of South Africa; Ms. Inze Neethling, Personal Assistant to Minister E. Patel, South African Department of Trade, Industry and Competition; and The Honourable Mr. Andre Hermans, Secretary of the Portfolio Committee on Trade and Industry of the Parliament of South Africa.

In our letter, we set out the legal basis for the U.S. fair use system's compliance with international law, and the urgency of balancing South African copyright with limitations and exceptions that preserve the public interest.

This is an urgent matter. EFF is proud to partner with NGOs in South Africa and around the world in advocating for the public's rights in copyright.

Cory Doctorow

No to Expanded HHS Surveillance of COVID-19 Patients

3 months 1 week ago

The federal government plans to process more of our personal data, in the name of containing COVID-19, but without showing that this serious privacy intrusion would actually do anything to protect public health. EFF filed comments in opposition to these new plans from the U.S. Department of Health and Human Services (HHS).

The U.S. Centers for Disease Control (CDC) leads our nation’s efforts to contain infectious diseases. Thus, CDC for decades has managed the federal government’s processing of personal data about infection. It did so during the early months of the COVID-19 outbreak. But in July 2020, HHS stripped this tracking authority from the CDC, and transferred it to a new program called “HHS Protect.”

HHS issued two new Systems of Records Notices (SORNs) about this new HHS program. The federal Privacy Act requires federal agencies to issue SORNs to advise people about personally identifiable information that the government maintains about them.

Unfortunately, HHS Protect poses a grave threat to the data privacy of all Americans. As set forth in the SORNs, it would greatly expand how the federal government collects, uses, maintains, and shares all manner of personal information. We highlighted the following ways that HHS Protect would substantially burden privacy without a necessary or proportionate benefit to protecting public health.

New data collection. The SORNs would allow collection of personal information about physical and psychological health history, drug and alcohol use, diet, employment, and more. Data collected would also include “geospatial records,” which countless research has shown is difficult to de-identify. Data would be collected not just about people who test positive, but also about their family members, as well as people who test negative, and perhaps people who have not tested at all. Data would be collected from countless different sources, including federal, state, and local governments, their contractors, the healthcare industry, and patients’ family members.

New data sharing. The SORNs would allow sharing of these vast sets of data with additional federal agencies, unspecified outside contractors, and even “student volunteers.” These additional federal agencies would be allowed, in turn, to share the data with their contractors. Patient consent would not be required for this sharing.

New data use. The SORNs would allow use of this data in litigation and “other proceedings” whenever the federal government has “an interest” in them (such use now is allowed only when HHS is a defendant in litigation).

New data storing. The SORNs would allow permanent retention of data with “significant historical and/or research value” (retention now is limited to four years).

No doubt, the ongoing COVID-19 crisis requires a coordinated governmental response, which in turn requires robust data concerning the spread of the disease. But HHS has made no showing that CDC’s existing epidemiological data systems are not up to the task.

Thus, EFF filed comments with HHS, asking the agency to withdraw these two SORNs. They violate the Privacy Act and create new threats to privacy without any showing of public health benefit.

Adam Schwartz

Personal Telco Project: A Case Study in Community Connectivity

3 months 1 week ago

The necessity to work from home as a result of the COVID-19 outbreak has highlighted the need for fast, reliable and affordable broadband internet. It is indisputable: access to the internet is essential. There has long been an acknowledgment that the connectivity disparity in America is only serving to widen the income gap. However, before the term ‘digital divide’ was coined a small group in Portland, Oregon set about addressing the shortcomings in connectivity that their community faced.

For the past twenty years, the Personal Telco Project (PTP) has been creating a network in Portland using a mesh system, whereby homes and businesses (hosts) would use their existing internet connection as a ‘node’, making Wi-Fi connections available to the public. As participation in the network grew, the speed and coverage of this network improved.

I had a conversation with Russell Senior, President of the Personal Telco Project. We discussed the origins of the groups, the impact it had on Portland Internet culture and what they did to address the immediate needs of the community. We also looked at solutions to the broader issue of the digital divide in Portland.

Lewis: Can you tell me how the group got started? What was the pressing need at the time?

Russell Senior: It started as a result of three things: The dot com bubble had burst and tech workers who had been accustomed to what was at the time high-speed Internet in their offices, were suddenly at home, where they didn’t have fast Internet connections.

The second factor was that Wi-Fi gear had started to become more accessible. You could go to a store and buy a router or a PCMCIA card and plug it into your laptop.

Finally, the founder of the group, Adam Shand, saw an article on Slashdot about a group in London called ‘’ where people were using Wi-Fi technology to create a community wireless network, and he was inspired to do something similar in Portland. That was in the year 2000, and that was the beginning of the Personal Telco Project.These people were realizing that the telecommunication infrastructure and the constraints that bigger operators were imposing, were not satisfying their needs, so they decided try to build an alternative infrastructure.

In 2003 we became a 501c3 nonprofit and the network was growing pretty rapidly. In 2005 we received a grant of about $15,000 to build an outdoor network in a low-income neighborhood along Mississippi Ave and asked for people to help. By chance, that’s when I started coming to meetings. I had been aware of the project for some time, but having young children left me short on time. Once my kids were a little older, I decided to get involved. At the first meeting, they announced they had just been awarded the grant from Meyer Memorial Trust, and issued a Call for Participation. I showed up at the kickoff meeting  with a GPS device and was immediately appointed leader of  the recon team which was used to go around the neighborhood and scout locations.

In the early days, our monthly meetings had several dozen attendees. Installs would draw a dozen volunteers. Over time, there was an attrition on membership as the network infrastructure had been built which was more labor intensive. PTP is currently an active group of about six people. Node hosts are a more passive kind of volunteer, and there are perhaps 50-60 of them

LWG: What were the technological challenges for PTP?

RS: The primary barrier was the quality of open source drivers for wifi radios. In those days, Linksys WRT54G’s were commonly used, as you could put alternate firmware on them, but the big issue was that they had radios made by Broadcom, which had drivers that were not open source. As a result, you were pinned to a LINUX kernel, which allowed limited changes. The best option at the time was a series of radios made by Atheros that were open-source-ish. For the Mississippi Grant Project, the key feature we needed was WDS (Wireless Distribution Systems).

We were deploying single board computers in a little enclosure on the roofs of buildings and using 5GHz to do backhaul between the buildings and then a 2.4GHz a radio in the same box that would provide local coverage for devices to connect to.

LWG: Were there difficulties in finding hosts?

RS: It is difficult. Ideally, you would have some sort of friendly outreach person to go around and promote the network and tell people how great it is. We did have a person like that in the early days, Nigel Ballard, who would go around to local coffee shops, and in the course of getting coffee, would promote the idea of a wifi network to the businesses. This was in the early days of wifi generally, so it was new to many people, and they were only beginning to understand what it was and how it could benefit them and their communities.

At peak, we had around 140 networks, around 30 of which were networks that we didn’t establish directly, but we let them use our SSID.

LWG: How did ISPs respond to this? Was there ever any issue with them?

RS: In the early 2000s in Oregon we had a vibrant DSL based ecosystem, which was essentially an open access network. There were so many ‘Mom and Pop’ dial-up ISPs in Oregon. There were instantly dozens of options to choose from once you signed up with a phone company to get DSL. The telecoms also created their own, but many people already had existing relationships, so they stuck with them once DSL came in.

There were so many locally-owned ISPs that liked what we were doing and felt that we were good for business. Whereas the bigger provider was hostile, as the idea of users sharing a network was seen as a threat to their revenue. When we would help create a network, we would provide the host with a list of ISPs that we knew wouldn’t give them problems, and recommend that the person go with one of them. No one, to my knowledge, was ever hassled by an ISP.

LWG: Did the group overestimate the scalability of wireless networks?

RS: I think our enthusiasm for the wireless stuff and building a mesh network was born out of an ignorance of what wasn’t possible. We thought we could build an alternative infrastructure. We didn’t have the density of individuals to make a widespread network.

In the very early days, we didn’t understand the limitations of the thing. We had a particular problem with the physical geography of Portland, in that most of the footprint is flat, with short houses and tall trees, which made line-of-sight difficult over anything but short distances.

LWG: As Wi-Fi is much more commonplace now, has the opportunity for PTP to create networks decreased over time?

RS: I think the perceived need to have us help people build their network has decreased. We still offer something most small businesses and individuals can’t do for themselves, which is a set of management tools on a gateway router that allows us to deal with abuse, if it occurs. These tools generally aren’t available on consumer off-the-shelf access points. 

We also offer a community vibe, that lets small businesses say, “hey, we are a member of the community and we work with these community organizations to benefit the community.” We like to think we helped normalize the idea that a coffee shop should provide free Wi-Fi. It was easy to try and commodify Wi-Fi access for small businesses, but we went in with the attitude of ‘we will help you create this network, we will do it for free, but you can’t charge people to use it.’ ‘It should be free for your customers and you will generate goodwill between the customers, and this will lead to an increase in business.’ Nowadays, it is really uncommon to have to pay for Wi-Fi access at businesses.

In the earlier days, when we had local media focusing on what we were doing, the Portland International Airport adopted free Wi-Fi throughout the terminals. Another trend we have seen is that the tech nerd demographic lost the enthusiasm for free Wi-Fi when the cell phone data plans became more prevalent.

LWG: Going forward, how do you feel that the digital divide can be addressed for other communities?

RS:  I had always seen Wi-Fi as a more localized technology rather than something that was going to provide people with a sustainable, scalable infrastructure.

Telecommunication has tremendous value. The problem is that the owners of the infrastructure that facilitates telecommunication, particularly last-mile access providers, have so much market power that they can capture a disproportionate share of that value through the prices they charge.

The cost of building the infrastructure has presented a barrier to entry that make it an unattractive investment for second providers, which means that competition is very weak, increasing the market power of the dominant provider. FCC "light touch" regulation has left heavy-handed power in the hands of the access provider. I have concluded that the most practical way out of this situation is for users to directly invest in the access infrastructure so that they can set rules that serve their interests. In the end, it is much cheaper to own than it is to rent.

The underlying philosophy is that ISPs have too much power and we want to circumvent that. So, in order for societies to be able to subsidize the people that need to be subsidized, the price needs to be lowered to a point where it is much closer to the actual cost of providing the service. I think the only way to get to that point, is to own the infrastructure.

So, some model with public ownership, or non-profit, is the only way we are going to get to that price point and not just throwing public resources at a giant company with a huge mouth that gets bigger as its appetite improves. You can’t go to Comcast and say ‘please help us out, we have this sob story of these people that cant internet service.’ They will just keep jacking the price for as much money as they can pry out of the public.

LWG: What are the benefits of making broadband a public utility?

RS: We have seen this approach be effective with other public utilities. The Bonneville Power Administration in the Pacific North-West is a good example of this. The Federal Govt constructed hydroelectric infrastructure on the Columbia River and the electricity is sold wholesale with the prices to market regulated. We have lots of examples of municipal utilities like water and sewer service, and there are parallels to the transportation systems, which are nearly all public infrastructure.

The problem comes back to funding. You can have a bunch of people that form a non-profit, but unless you have bonding authority and can borrow hundreds of millions of dollars, you are not going to get it off the ground. Therefore, the best solution is the most local government you can get to raise the money to build the network. That’s why I think city is the right scale:  Large enough to secure funding but local enough to be responsive to the needs of the residents.

LWG: 5G is touted as the solution to the digital divide by the telecom companies. How do you respond to that?

RS: Cell phone data is the bottled water of the Internet; it is convenient on the go, but it is expensive and always comes with a cap.      

When LTE first appeared, everyone was excited by how fast it was, but the reality is, you can run through your limit in 15 minutes. Sure it is fast, but it is capped, so volume becomes the problem when you are providing that same service to 100 million-plus people. By depending on 5G, you will be at the mercy of your cell phone carrier. 5G infrastructure will depend on fiber cables anyway, so why not just take the fiber to the house?

If anyone thinks that 5G can solve these issues, I would ask them: do you like your cell carrier now? Do you feel like you are treated fairly? Because they will be the same companies controlling the 5G market.

LWG: Can you tell me about your new initiative?

RS: We started a 501c4 advocacy group called “The Municipal Broadband Coalition of America.” Our local campaign is called Municipal Broadband PDX. There had been an exploration of a municipal network in 2007 in Portland, but the issue was fear of risk and a lack of political leadership, possibly combined with philosophical hostility to the public intervening where a private enterprise was operating.

This time around, Multnomah County has been receptive, so far, and we have gained good traction, getting local authorities to invest in a feasibility study. The county has seen the need to address the digital divide as gentrification has driven many people, particularly Black people, out of Portland and into areas that are under-served. The idea of subsidizing these communities to improve their connectivity is being discussed. 

LWG: How has the COVID-19 pandemic affected this issue?

RS:The school board is subsiding families that cannot afford the Comcast Essentials package, so that their children can stay connected to school. This means that the government is pouring money into the large ISPs for a service that is essential. The fact that the internet is essential to everyday life is becoming more obvious every day. 

Our thanks to Russell for his time. Personal Telco Project is still working to expand the mesh network in Portland and reduce access disparity. Through his work with The Municipal Broadband Coalition of America, Russell looks to build upon the work of PTP, by facilitating a better connected society. 

To find an Electronic Frontier Alliance affiliated group near you, visit If you are already part of a grassroots or community group in your area please consider joining the Alliance.

Lewis Gittens

Victory! Court Orders CA Prisons to Release Race of Parole Candidates

3 months 2 weeks ago

In a win for transparency, a state court judge ordered the California Department of Corrections and Rehabilitation (CDCR) to disclose records regarding the race and ethnicity of parole candidates. This is also a win for innovation, because the plaintiffs will use this data to build new technology in service of criminal justice reform and racial justice.

In Voss v. CDCR, EFF represented a team of researchers (known as Project Recon) from Stanford University and the University of Oregon who are attempting to study California parole suitability determinations using machine-learning models. This involves using automation to review over 50,000 parole hearing transcripts and identify various factors that influence parole determinations. Project Recon’s ultimate goal is to develop an AI tool that can identify parole denials that may have been influenced by improper factors as potential candidates for reconsideration. Project Recon’s work must account for many variables, including the race and ethnicity of individuals who appeared before the parole board.

Project Recon is a promising example of how AI might be used to identify and correct racial bias in our criminal justice system.

In September 2018, Project Recon requested from CDCR race and ethnicity information of parole candidates. CDCR denied the request, claiming that the information was not subject to the California Public Records Act (CPRA). Instead, CDCR shuttled the researchers through its discretionary research review process, where they remained in limbo for nearly a year. Ultimately, the head of the parole board declined to support the team’s request because one of its members had previously published research critical of California’s parole process.

In June 2020, EFF filed a lawsuit on behalf of Project Recon alleging that CDCR violated the CPRA and the First Amendment. Soon after, our case was consolidated with a similar case, Brodheim v. CDCR. We moved for a writ of mandate ordering CDCR to disclose the race data.

In its opposition, CDCR claimed it was protecting the privacy of incarcerated people, and that race data constituted “criminal offender record information” and was therefore exempt from disclosure. EFF pointed out that the public interest in disclosure is high—especially since racial disparities in the criminal justice system are a national topic of conversation—and thus was not outweighed by the public interest in nondisclosure. EFF also argued that race data could not constitute “criminal offender record information” since race has nothing to do with someone’s criminal record, but rather is demographic information.

The court agreed. It reasoned that the public has a strong public interest in disclosure of race and ethnicity data of parole candidates:

[T]his case unquestionably involves a weighty public interest in disclosure, i.e., to shed light on whether the parole process is infected by racial or ethnic bias. The importance of that public interest is vividly highlighted by the current national focus on the role of race in the criminal justice system and in American society generally . . . . Disclosure insures that government activity is open to the sharp eye of public scrutiny.  

Accordingly, the court ordered CDCR to produce the requested records. Last week, CDCR declined to appeal the court’s decision and produced the records.

Apart from being a win for transparency and open government, this case also is important for racial justice. As we identified in our briefing, CDCR has a history of racial bias, which the U.S. Supreme Court and California appellate courts alike have recognized. That makes it all the more important for information about potential racial disparities in parole determinations to be open for the public to analyze and debate.

Moreover, this case is a win for beneficial AI innovation. In a world where AI is often proposed for harmful and biased uses, Project Recon is an example of AI for good. Rather than substitute for human decision-making, the AI that Project Recon is attempting to build would shed a light on human decision-making by reviewing past decisions and identifying where bias may have played a role. This innovative use of technology to identify systemic biases, including racial disparities, is the type of AI use we should support and encourage.

Related Cases: Voss v. CDCR
Saira Hussain
2 hours 17 minutes ago
EFF's Deeplinks Blog: Noteworthy news from around the internet
Subscribe to EFF update feed