Blog

The Free Internet Project Announces New Project on Election Security

02/04/2019

OVERVIEW

The Internet has been championed as an instrument to promote democracy, in part due to its open and decentralized nature that enables millions to organize and spread their views, including dissent. Over the past few years, however, many fear that the Internet is being “weaponized” by governments, foreign and domestic groups, and even by large tech companies, in ways that threaten democracy, particularly free and fair elections—which are the bedrock of democracy.* The Free Internet Project is undertaking a new initiative to analyze and address this problem, to provide people with objective analysis of and proposed solutions to the issues countries face in safeguarding elections from interference. To that end, the nonprofit The Free Internet Project announces the launching of Project Safeguarding Elections (PSE). PSE has two main objectives:

1. To track, report, and analyze major incidents of and responses to election interference around the world on a dedicated blog or website. At least five types of issues will be covered:

Fake news: the spread of disinformation and false information online to interfere with an election;
Hacking of political candidates: the hacking of emails and communications of political parties and candidates;
Hacking of voting machines: the hacking of voting machines and tabulation of results
Fake results: the spread of false election results to undermine the true result; and
Duties of corporations and governments: the roles and responsibilities (if any) of the law, governments, and companies to address these problems.

2. To convene experts from different relevant fields to provide opinion pieces and proposed best practices to address these issues around the world.

*See, e.g., Nicolas Weaver, Our Government Has Weaponized the Internet. Here’s How They Did It, Wired, Nov. 13, 2013; Tim Berners-Lee, Tim Berner-Lee is fighting for the web’s future, and he wants you to join him, Quartz, March 12, 2018.

Tm Berners-Lee launches Inrupt and Solid for people to control their personal data

01/20/2019

Tim Berners-Lee, the inventor of the World Wide Web, announced in October 2018 the launch of a new project called Inrupt to launch a new, open-source technology or platform called "Solid." Solid is an ecosystem that enables users to store anything, including personal data, in their own Solid POD (personal online data store), which acts as the interface with other sites. So, instead of "logging in with Facebook" or "logging in with Google," people can "Log in with your own Solid POD." Through your POD, you can control the permission of how much other sites or apps can "read or write" to your POD.

The main thrust of the POD approach is that it enables people to control and limit any sharing of their personal data via their single POD, instead of being beholden to websites such as Facebook or an app's user policy. As the Solid site describes:

You give people and your apps permission to read or write to parts of your Solid POD. So whenever you’re opening up a new app, you don’t have to fill out your details ever again: they are read from your POD with your permission. Things saved through one app are available in another: you never have to sync, because your data stays with you.
This approach protects your privacy and is also great for developers: they can build cool apps without harvesting massive amounts of data first. Anyone can create an app that leverages what is already there.

Berner-Lee took time off from his position at MIT to work on the commercial venture Inrupt. Inrupt is meant to facilitate developers to adopt Solid in their programming and develop new programs incorporating the Solid approach. It's too early to tell how much adoption Solid will get, but it has the potential to radically transform the Internet. For example, in an interview with Fast Compnay, Berners-Lee gave one example of a new home assistant that protects people's privacy, instead of tracking their every word: "one idea Berners-Lee is currently working on is a way to create a decentralized version of Alexa, Amazon’s increasingly ubiquitous digital assistant. He calls it Charlie. Unlike with Alexa, on Charlie people would own all their data. That means they could trust Charlie with, for example, health records, children’s school events, or financial records. That is the kind of machine Berners-Lee hopes will spring up all over Solid to flip the power dynamics of the web from corporation to individuals."

The EU's GDPR (General Data Protection Regulation) goes into effect May 25, 2018

05/18/2018

The new EU General Data Protection Regulation goes into effect May 25th, 2018. You may have recently received notices of changes to privacy policies by Google, Twitter, and other tech companies. The reason: the GDPR. It attempts to create uniform rules for how personal data is managed in EU countries. The European continent’s first piece of legislation pertaining to the protection of personal data was the “Convention 108”, adopted in 1981 by the Council of Europe (a different international institution that the EU which brings together 47 countries). Later, in 1995, the European Union passed its directive “on the protection of individuals with regard to the processing of personal data and on the free movement of such data”. Unlike the 1995 personal data directive, which must be implemented by EU countries in their nationals laws, the new GDPR is EU law that applies without reliance on national implementing laws. The GDPR is also broader than the personal data directive. The key changes are discussed below.

OVERVIEW OF KEY CHANGES BY GDPR

1. Extensive territorial scope: controllers of data with no establishment in the EU can still be subject to the Regulation for processing related to the offering of goods and services in the EU, or to the monitoring of the behavior of data subjects located in the EU.

No longer matters whether controllers actually process data within the EU.
If an EU citizen's data is processed, the controller is subject to the GDPR.

2. Enhanced rights of data subjects:

New right to ‘data portability’: in certain situations, controllers will be bound to transmit personal data to new controllers, on the request of data subjects who may wish to switch from on service to another;
Upgraded rights to erasure (‘right to be forgotten’) and to restriction of processing;
Substantial increase of the number of information items which must be provided to data subjects, including in particular the retention period of the collected data;
More stringent conditions for a valid consent (where required): it will have to be freely given, specific, informed and unambiguous, by statement or by affirmative action.

3. Redesigned obligations for controllers and processors:

Auto-compliance and accountability: controllers and processors must ensure and be able to demonstrate that they have implemented any technical and organizational measures in order to ensure that the processing carried out comply with the Regulation. Such demonstration may be helped through adhesion to codes of conducts, or through certifications;
The end of prior notifications: the obligation to notify the competent supervising authority prior to each processing is replaced by an obligation to keep detailed records of processing activities;
Data by design and by default: controllers and processors will be expressly bound to respect these principles which is viewed as an effective means for compliance;
Specific measures to be implemented in certain situations: (i) appointment of a data protection officer; (ii) privacy impact assessments; and (iii) notification of data breaches to supervising authorities and to concerned data subjects;
Other new obligations related in particular to the (i) joint controller regime (the breakdown of the different responsibilities will have to be determined); and to (ii) the choice of data processors and to the contracts between controllers and processors.

4. Reinforcement and clarification of the supervising authorities’ roles and powers:

Administrative fines up to 20 million Euros or 4% of the worldwide annual turnover of the preceding financial year;
For cross-border processing, a lead authority will handle issues in accordance to a new co-operation procedure between it and other concerned supervising authorities (which will remain competent alone in certain situations);
Supervisory authorities will have to offer each other mutual assistance, and may conduct joint operations when necessary;
A new entity, the “European Data Protection Board”, will replace the Article 29 Working Party and will be in charge of providing opinions to supervising authorities on certain matters, of ensuring consistent application of the Regulation (by supervising authorities) in particular through a dispute resolution mechanisms, of issuing guidelines, of encouraging the drawing-up of codes of conducts etc.

Illinois Introduces State Bill Seeking to Protect Net-Neutrality

03/21/2018

Since the Federal Communications Commission (FCC) voted to repeal the Obama-era net neutrality rules in December 2017, many states have been at work trying to safeguard against the possible negative fallout. On February 14, 2018, Illinois State Rep. Ann Williams filed House Bill 4819, the Broadband Procurement and Disclosure Act.

HB 4819 requires that all internet service providers (ISPs) who do business with state agencies adhere to basic net neutrality principles. The bill requires that the ISPs make “clear and conspicuous” statement disclosing the ISP’s network management practices. Most importantly, the bill aims to restore basic net neutrality rules by mandating that all ISPs providing service to Illinois agencies “shall not block” users from accessing lawful content. The bill also provides that ISPs shall not “impair” or “degrade” lawful traffic to the user, based on content. Finally, the bill prohibits ISPs from manipulating broadband service to favor certain traffic, and from unreasonably interfering with either the end user’s ability to access desired content or content producer’s ability to make content available to users.

U.S. Federal Communications Commission votes to repeal net neutrality law

12/29/2017

On December 14, 2017, the United States Federal Communications Commission (FCC) voted to repeal Obama's net neutrality protections. These now-eliminated protections include barring internet providers from slowing down or blocking access to online content, and prohibiting internet providers from promoting their own content. Ajit Pai, Chairman of the FCC, stated "[the repeal] is not going to destroy the internet. It is not going to end the internet as we know it. It is not going to kill democracy. It is not going to stifle free expression online."

Others, have voiced strong opinions against the repeal. "This is a matter of enormous importance with significant implications for our entire economy and therefore merits the most thorough, deliberate, and thoughtful process that can be provided," stated Maine Senators Susan Collins, Republican, and Angus King, independent. The FCC also received millions of comments supporting current net neutrality protections.

States have voiced their stance against the FCC's net neutrality protection repeals. New York Attorney General Eric Schneiderman has declared intentions to sue to stop the FCC’s rollback of net neutrality, stating "We will be filing a claim to preserve protections for New Yorkers and all Americans. And we’ll be working aggressively to stop the FCC’s leadership from doing any further damage to the internet and to our economy.” Washington State Attorney Bob Ferguson also announced his intention to take action, stating "Today, I am announcing my intention to file a legal challenge to the FCC’s decision to roll back net neutrality, along with attorneys general across the country." Other states, including Oregon, Illinois, Iowa, and Massachusetts, will join the lawsuit as well.

China blocks What's App

07/19/2017

China partially blocked the popular messaging service called What's App, owned by Facebook. China reportedly blocked photos and videos from being shared on the service, and, in some cases, even messages.

The New York Times stated: "According to the analysis that we ran today on WhatsApp’s infrastructure, it seems that the Great Firewall is imposing censorship that selectively targets WhatsApp functionalities,' said Nadim Kobeissi, an applied cryptographer at Symbolic Software, a cryptography research start-up." The conjecture was that the censorship was part of the government's leadup to the upcoming selections in Congress: "To complicate matters, the 19th Party Congress — where top leadership positions are determined — is just months away. The government puts an increased emphasis on stability in the run up to the event, which happens every five years, often leading to a tightening of internet controls."

Canada's Supreme Court Backs Order for Google to Remove Link from Access in All Countries, Not Just Canada

06/30/2017

This week, in Google Inc. v. Equustek Solutions, Inc., Canada's Supreme Court upheld (in a 7-2 decision) the grant of a preliminary injunction against Google to remove a link to a website that allegedly infringed the intellectual property of a small tech company. The IP controversy was not against Google as a party, but the lower court ordered Google to remove the link to the defendant's website from access worldwide. Google had delisted the website from searches in Canada (at google.ca). But the Supreme Court of Canada upheld the grant of a worldwide preliminary injunction that affects people around the world. [Download the decision.]

The Supreme Court reasoned:

Google’s argument that a global injunction violates international comity because it is possible that the order could not have been obtained in a foreign jurisdiction, or that to comply with it would result in Google violating the laws of that jurisdiction, is theoretical. If Google has evidence that complying with such an injunction would require it to violate the laws of another jurisdiction, including interfering with freedom of expression, it is always free to apply to the British Columbia courts to vary the interlocutory order accordingly. To date, Google has made no such application. In the absence of an evidentiary foundation, and given Google’s right to seek a rectifying order, it is not equitable to deny E the extraterritorial scope it needs to make the remedy effective, or even to put the onus on it to demonstrate, country by country, where such an order is legally permissible.
D and its representatives have ignored all previous court orders made against them, have left British Columbia, and continue to operate their business from unknown locations outside Canada. E has made efforts to locate D with limited success. D is only able to survive — at the expense of E’s survival — on Google’s search engine which directs potential customers to D’s websites. This makes Google the determinative player in allowing the harm to occur. On balance, since the world‑wide injunction is the only effective way to mitigate the harm to E pending the trial, the only way, in fact, to preserve E itself pending the resolution of the underlying litigation, and since any countervailing harm to Google is minimal to non‑existent, the interlocutory injunction should be upheld.

Commentators, such as Michael Geist, pointed out the danger in the Canadian approach: if each country (isuch as China or Iran) used the same power to issue worldwide injunctions against Google, there would be a race to the bottom and massive censorship online.

◢

Day of Protest on July 12 to Fight Repeal of Net Neutrality in US

06/22/2017

From Fight for the Future: Thousands of websites plan massive online protest for July 12th. Twitter, Soundcloud, Medium, Twilio, Plays.tv, and Adblock are among latest major web platforms to join the Internet-Wide Day of Action to Save Net Neutrality scheduled for July 12th to oppose the FCC’s plan to slash Title II, the legal framework for net neutrality rules that protect online free speech and innovation. Companies participating will display prominent messages on their homepages on July 12 or encourage users to take action in other ways, like through push notifications and emails. The momentum comes against the backdrop of a recent Morning Consult / POLITICO poll that shows broad bipartisan support for net neutrality rules. “This protest is gaining so much momentum because no one wants their cable company to charge them extra fees or have the power to control what they can see and do on the Internet,” said Evan Greer, campaign director of Fight for the Future, “Congress and the FCC need to listen to the public, not just lobbyists. The goal of this day of action is to make them listen.”

More than 40,000 people, sites, and organizations have signed up to participate in the effort overall, and more announcements from major companies are expected in the coming days. Many popular online personalities including YouTuber Philip DeFranco, and dozens of major online forums and subreddits have also announced their participation. The effort is led by many of the grassroots groups behind the largest online protests in history including the SOPA blackout and the Internet Slowdown. The day of action will focus on grassroots mobilization, with public interest groups activating their members and major web platforms providing their visitors with tools to contact Congress and the FCC.

Companies participating include Amazon, Netflix, OK Cupid, Kickstarter, Etsy, Reddit, Mozilla, Vimeo, Y Combinator, GitHub, Private Internet Access, Pantheon, Bittorrent Inc., Shapeways, Nextdoor, Patreon, Dreamhost, and CREDO Mobile, Goldenfrog, Fark, Chess.com, Imgur, Namecheap, DuckDuckGo, Checkout.com, Sonic, Brave, Ting, ProtonMail, O’Reilly Media, Discourse, and Union Square Ventures. Organizations participating include Fight for the Future, Free Press Action Fund, Demand Progress, Center for Media Justice, EFF, Internet Association, Internet Archive, World Wide Web Foundation, Creative Commons, National Hispanic Media Coalition, Greenpeace, Common Cause, ACLU, Rock the Vote, American Library Association, Daily Kos, OpenMedia, The Nation, PCCC, MoveOn, OFA, Public Knowledge, OTI, Color of Change, MoveOn, Internet Creators Guild, and many others. See the full list here.

Freedom House "Freedom on the Net" Report 2016: 67% of world live in countries with censorship

11/21/2016

In a survey of 65 countries, Freedom House has reported that internet freedom across the world has been in a decline for the past six years, with two-thirds of internet users living under a government that has censored internet. Freedom House has ranked China, Syria, and Iran as countries with the most restrictive internet laws.

Many countries have blocked secure messaging apps. WhatsApp was blocked most of all messaging apps, being restricted in 12 countries this year. The number of governments that restricted access to social media and communication services increased from 15 to 24. Governments have also blocked materials related to LGBT rights and photos that made fun of countries' leaders. [Download the Report]

Russia orders ban of LinkedIn due to local server privacy reqirement

11/15/2016

Linkedin will be banned in Russia possibly within this week. In August, a Moscow court upheld a decision to block Linkedin. Critics are worried that this decision will further expand the state’s control over Russian’s citizens to the internet. Roskomnadzor, the executive body responsible for regulating media, claims that Linkedin violated Russian privacy law by not storing users' personal information in Russia. Alexander Zharov, Roskomnadzor's chief, state that many larger internet companies are in the process of complying with this law. However, larger social media companies like Facebook and Twitter have not complied with this law. [More from The Independent]

The Free Internet Project