Publish to Newswire
Add an EventFrom the Open-Publishing Calendar
From the Open-Publishing Newswire
Indybay Feature
Notes from EFF Discussion with SF-Indymedia
Some notes from a discussion between the Electronic Frontier Foundation and San Francisco Bay Area Indymedia.
SUMMARY OF EFF DISCUSSION WITH SF-IMC
October 24, 2001, San Francisco, California
Lee Tien, Will Doherty, and Seth Schoen from the Electronic Frontier Foundation attended a San Francisco Indymedia general meeting on Wednesday, October 24th for an informal chat about Internet spying, secret government activities, and freedom of speech. These are my notes from that meeting. They are kind of scattered, and represent only what I got out of the conversation. I am not a lawyer, and the EFF folks spoke only about hypothetical situations. None of this is legal advice; if you need that, contact an attorney. This is also centered around US law only. Thanks to EFF for allowing this information to flow freely. - gekked [at] blackflag.net
Lee Tien began by describing his relationship with IMC. Lee first heard about Indymedia in April 2001, when FBI and Secret Service agents visited the Seattle IMC during the anti-FTAA riots in Quebec City. The FBI ordered Indymedia to turn over millions of IP addresses from people using the website during the protests. EFF and other privacy activist organizations offered pro-bono legal aid to Indymedia. Eventually, the FBI withdrew their order.
Since then, a relationship between Indymedia and EFF has developed because of Indymedia's unique use of online tools for collaborative and open publishing around the world. And, participants in Indymedia are thrilled to have the opportunity to work with a legendary internet rights group.
The discussion went on with a legal overview of surveillance statutes. Lee described some of the "statute regimes" that exist: Title III (from the 1968 Wiretap Act), pen trap orders (from the 1986 Electronic Communications Privacy Act), and the 1978 Foreign Intelligence Surveillance Act (FISA).
The requirements and reach of wiretap/surveillance orders vary with each statute:
Title III orders require probable cause and they permit surveillance of content (like listening to a telephone conversation). The government must eventually inform you that they have obtained a Title III wiretap.
Pen trap orders do not require probable cause, but are limited to dialing, routing, and signaling information (like a list of phone numbers that a person has called or received, but not the content of the conversations). The government does not ever have to disclose that they obtained a pen trap order against someone.
FISA orders require probable cause, but not within the context of Fourth Amendment protections. FISA orders must only show probable cause that a foreign agent or foreign power is at work. FISA orders are obtained in a secret court.
Applying laws written for telephone wiretapping to the internet has introduced legal grey areas. For instance, pen trap orders are easier to get but they are not supposed to include any content, just routing information. But while an email header or website url could be considered routing information, they also contain content (for instance, the email subject). Knowing every website that a person goes to is certainly more than routing information. These issues are still legally unresolved.
In addition, if Carnivore and other Internet spying orders are obtained with a pen trap order, you will never know if you are being surveiled (as you would under Title III). Additional concerns surround the lack of auditing and oversight for Internet spying orders.
Furthermore, as Congress passes legislation allowing increased sharing of information between law enforcement agencies, the legal boundaries set by these statute divisions are blurring.
All of these legal protections are further diminished by the success rate of law enforcement in obtaining these orders. Between 1968 and 1996, over 20,000 Title III orders were approved, and only 28 were denied.
http://www.epic.org/privacy/wiretap/stats/taps_denied.html
The discussion moved to the USA Act, PATRIOT Act and other anti-terrorism bills currently being passed in the U.S. Congress. Lee Tien described the frustration of civil liberties advocates since September 11th. Around October 16th or 17th, the legislation negotiations were whisked off the floor and moved to behind closed doors. The civil rights community has not seen drafts since then. The USA PATRIOT Act (HR3162) passed the House on October 24 and the Senate on October 25 and was signed into law by President Bush.
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.03162:
A question was asked about this legislation's impact on encryption. Sen. Judd Gregg (New Hampshire-R) had called for government backdoors in encryption two days after September 11th, but quickly gave up. No further language regarding encryption technology has been added to the anti-terrorism legislation being considered by Congress.
http://www.wired.com/news/conflict/0,2100,47635,00.html
A question was asked about liability regarding IMC's open publishing model. It is very clear from a legal perspective that ISPs and websites have no communicative tort liability (defamation, slander, etc.) for content posted by Internet users. However, ISPs and websites do have a responsibility to remove copyrighted material, illegally obscene, child pornographic, or possibly harmful to minors material, or threatening criminal material.
For copyrighted materials, there is a "safe harbor" provision in the Digital Millenium Copyright Act. This means that there is a notice and takedown procedure for copyrighted materials. To ensure compliance with DMCA, websites should provide a contact email address where DMCA violation notices can be sent. The "safe harbor" provisions of DMCA apply only if the ISP removes the copyrighted materials in response to a complaint and replaces them in response to a counter-complaint. The "safe harbor" provisions do not apply to materials posted by ISP employees, or likely even in this case IMC volunteers.
A question was asked about general inquiries from law enforcement about criminal activities. In particular, the question was referred to a specific incident regarding Flagstaff police contacting Indymedia about a vandalism investigation. A general answer was given, which is that no email communications should be ignored. The response can be as simple as "talk to my lawyer," but no request should be ignored.
http://arizona.indymedia.org/front.php3?article_id=1613
A question was asked about an ISP's legal responsibility to keep server logs. Currently, there is no requirement for any ISP in the United States to maintain server activity logs. Lee suggested that this could be changing soon, and that the UK and Dutch governments were leading the charge towards this requirement.
A question was asked about rumors that Internet users have been experiencing slowdowns, and that they call their ISP, who tell them that a "government-installed box is slowing down our network." It was decided by the techs in the room that Carnivore could not really create a network slow-down, that it is just dumping data. However, hypothetically, Internet surveillance devices could impact an end user's network performance.
October 24, 2001, San Francisco, California
Lee Tien, Will Doherty, and Seth Schoen from the Electronic Frontier Foundation attended a San Francisco Indymedia general meeting on Wednesday, October 24th for an informal chat about Internet spying, secret government activities, and freedom of speech. These are my notes from that meeting. They are kind of scattered, and represent only what I got out of the conversation. I am not a lawyer, and the EFF folks spoke only about hypothetical situations. None of this is legal advice; if you need that, contact an attorney. This is also centered around US law only. Thanks to EFF for allowing this information to flow freely. - gekked [at] blackflag.net
Lee Tien began by describing his relationship with IMC. Lee first heard about Indymedia in April 2001, when FBI and Secret Service agents visited the Seattle IMC during the anti-FTAA riots in Quebec City. The FBI ordered Indymedia to turn over millions of IP addresses from people using the website during the protests. EFF and other privacy activist organizations offered pro-bono legal aid to Indymedia. Eventually, the FBI withdrew their order.
Since then, a relationship between Indymedia and EFF has developed because of Indymedia's unique use of online tools for collaborative and open publishing around the world. And, participants in Indymedia are thrilled to have the opportunity to work with a legendary internet rights group.
The discussion went on with a legal overview of surveillance statutes. Lee described some of the "statute regimes" that exist: Title III (from the 1968 Wiretap Act), pen trap orders (from the 1986 Electronic Communications Privacy Act), and the 1978 Foreign Intelligence Surveillance Act (FISA).
The requirements and reach of wiretap/surveillance orders vary with each statute:
Title III orders require probable cause and they permit surveillance of content (like listening to a telephone conversation). The government must eventually inform you that they have obtained a Title III wiretap.
Pen trap orders do not require probable cause, but are limited to dialing, routing, and signaling information (like a list of phone numbers that a person has called or received, but not the content of the conversations). The government does not ever have to disclose that they obtained a pen trap order against someone.
FISA orders require probable cause, but not within the context of Fourth Amendment protections. FISA orders must only show probable cause that a foreign agent or foreign power is at work. FISA orders are obtained in a secret court.
Applying laws written for telephone wiretapping to the internet has introduced legal grey areas. For instance, pen trap orders are easier to get but they are not supposed to include any content, just routing information. But while an email header or website url could be considered routing information, they also contain content (for instance, the email subject). Knowing every website that a person goes to is certainly more than routing information. These issues are still legally unresolved.
In addition, if Carnivore and other Internet spying orders are obtained with a pen trap order, you will never know if you are being surveiled (as you would under Title III). Additional concerns surround the lack of auditing and oversight for Internet spying orders.
Furthermore, as Congress passes legislation allowing increased sharing of information between law enforcement agencies, the legal boundaries set by these statute divisions are blurring.
All of these legal protections are further diminished by the success rate of law enforcement in obtaining these orders. Between 1968 and 1996, over 20,000 Title III orders were approved, and only 28 were denied.
http://www.epic.org/privacy/wiretap/stats/taps_denied.html
The discussion moved to the USA Act, PATRIOT Act and other anti-terrorism bills currently being passed in the U.S. Congress. Lee Tien described the frustration of civil liberties advocates since September 11th. Around October 16th or 17th, the legislation negotiations were whisked off the floor and moved to behind closed doors. The civil rights community has not seen drafts since then. The USA PATRIOT Act (HR3162) passed the House on October 24 and the Senate on October 25 and was signed into law by President Bush.
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.03162:
A question was asked about this legislation's impact on encryption. Sen. Judd Gregg (New Hampshire-R) had called for government backdoors in encryption two days after September 11th, but quickly gave up. No further language regarding encryption technology has been added to the anti-terrorism legislation being considered by Congress.
http://www.wired.com/news/conflict/0,2100,47635,00.html
A question was asked about liability regarding IMC's open publishing model. It is very clear from a legal perspective that ISPs and websites have no communicative tort liability (defamation, slander, etc.) for content posted by Internet users. However, ISPs and websites do have a responsibility to remove copyrighted material, illegally obscene, child pornographic, or possibly harmful to minors material, or threatening criminal material.
For copyrighted materials, there is a "safe harbor" provision in the Digital Millenium Copyright Act. This means that there is a notice and takedown procedure for copyrighted materials. To ensure compliance with DMCA, websites should provide a contact email address where DMCA violation notices can be sent. The "safe harbor" provisions of DMCA apply only if the ISP removes the copyrighted materials in response to a complaint and replaces them in response to a counter-complaint. The "safe harbor" provisions do not apply to materials posted by ISP employees, or likely even in this case IMC volunteers.
A question was asked about general inquiries from law enforcement about criminal activities. In particular, the question was referred to a specific incident regarding Flagstaff police contacting Indymedia about a vandalism investigation. A general answer was given, which is that no email communications should be ignored. The response can be as simple as "talk to my lawyer," but no request should be ignored.
http://arizona.indymedia.org/front.php3?article_id=1613
A question was asked about an ISP's legal responsibility to keep server logs. Currently, there is no requirement for any ISP in the United States to maintain server activity logs. Lee suggested that this could be changing soon, and that the UK and Dutch governments were leading the charge towards this requirement.
A question was asked about rumors that Internet users have been experiencing slowdowns, and that they call their ISP, who tell them that a "government-installed box is slowing down our network." It was decided by the techs in the room that Carnivore could not really create a network slow-down, that it is just dumping data. However, hypothetically, Internet surveillance devices could impact an end user's network performance.
Add Your Comments
We are 100% volunteer and depend on your participation to sustain our efforts!
Donate
$230.00 donated
in the past month
Get Involved
If you'd like to help with maintaining or developing the website, contact us.
Publish
Publish your stories and upcoming events on Indybay.
Topics
More
Search Indybay's Archives
Advanced Search
►
▼
IMC Network