EFF News

California’s Net Neutrality Bill Has Strong Zero Rating Protections for Low-Income Internet Users, Yet Sacramento May Ditch Them to Appease AT&T

California’s net neutrality bill, S.B. 822, is often referred to as the “gold standard” of state-based net neutrality laws. The bill tackles the full array of issues the FCC had addressed right up until the end of 2016 before it began repealing net neutrality. One such issue is the discriminatory use of zero rating, where ISPs could choose to give users access to certain content for “free”—that is, without digging into their data plans. ISPs can use zero rating to drive users to their own content and services to the detriment of competitors.

The FCC found that both AT&T’s and Verizon’s use of zero rating appeared to be in violation of the 2015 Open Internet Order, only to have those findings and investigations terminated as one of the first acts of President Trump’s FCC Chairman Ajit Pai. The core issue is the fact that companies like AT&T were simply exempting their own affiliated services from their datacaps in a blatant effort to drive wireless Internet users to their preferred products. Undoubtedly, AT&T’s recent victory over the Department of Justice’s antitrust lawsuit that sought to prevent the giant telecom company from becoming even bigger with Time-Warner content will result in even greater levels of self-dealing through discriminatory zero rating policies.

California’s legislature has so far opted to ban discriminatory users of zero rating and prevent the major wireless players from picking winners and losers online. But new and increased resistance by the ISP lobby (led by AT&T and their representative organization CALinnovates) unfortunately has legislators contemplating whether discriminatory zero rating practices should remain lawful despite their harms for low-income Internet users. In fact, AT&T and their representatives are even going so far as to argue that their discriminatory self-dealing practices that violate net neutrality are actually good for low income Internet users.

S.B. 822’s Zero Rating Provisions Ensure Low-Income Internet Users Get the Same Internet as All Other Internet Users

Studies by the Pew Research Center show that when an Internet user has limited income to purchase Internet access, they opt to get their entire Internet usage from a wireless device. As a result, the zero rating policies of wireless ISPs have a profound impact on shaping users’ Internet experience. Users who depend on their wireless device for Internet access are highly likely to pay overage fees when they try to take advantage of the full, open web. These overage fees are part of a scheme to force wireless Internet users to only use products and services that the wireless ISP has exempted from their own arbitrary data caps—and to punish users when they stray from those products and services. The CTIA’s own study confirms that if they can drive Internet users to their chosen zero rated products to the detriment of potentially superior services.

This is why California organizations that promote the digital civil rights of communities of color—such as the Center for Media Justice and Color of Change as well as experts who represent low income Californians such as the Western Center on Law and Poverty—have all come out in strong support for S.B. 822’s zero rating provisions.

S.B. 822 bans the practice of self-dealing and discriminatory gatekeeping by ISPs outright, which is why those same ISPs will fight to take it out of the legislation before it becomes law. It is why they are actively attempting to mislead legislators in Sacramento with bogus superficial studies from groups that represent ISP interests like CALinnovates that ignore the fact that the data cap is an artificial construct that is designed to raise rates on wireless users and zero rating is how they exploit that structure. There is no benefit to Internet users by simply saying the ISP’s selected services do not have additional fees associated with them and nothing about the current structure is “free” because we have all compensated companies like AT&T and Verizon to the tune of $26 billion in profits in just 2016 alone.

Without the ability to profit from discriminatory conduct, the wireless carriers will lose the financial incentive to use zero rating to create an inferior wireless Internet for those with limited income and will no longer be able to exploit their gatekeeper power.

Do Not Forget That the FCC Found That AT&T’s Zero Rating Practices Violated Net Neutrality Right Up Until It Began Repealing Net Neutrality

The FCC’s core issue with AT&T’s zero rating practices was that AT&T explicitly exempted its own products, such as DirecTV, while capping products that would compete with DirecTV. In effect, using something that was not owned by AT&T was more expensive for their wireless users forcing users with limited income to only use what AT&T had blessed. Even the Trump Administration’s Department of Justice, in its antitrust lawsuit against AT&T, cited concerns with the company weaponizing its ownership of content (in this instance HBO) against online video competitors. The only federal entity that did not seem concerned with AT&T’s discriminatory practices was the current FCC, which intentionally abandoned oversight over the industry and is even contemplating a new proposal by AT&T to impair private competition to the incumbents today.

Upholding S.B. 822 means upholding a free, open Internet for all Californians. Without it, ISPs may have free rein to create two Internets that will be premised on how much income you have to the benefit of their own services and partners. With AT&T's recent victory in the courts over the Department of Justice and the expiration of federal net neutrality rules, S.B. 822's net neutrality protections have become more important than ever. 

Take Action

Defend net neutrality in California

Categories: Privacy

70+ Internet Luminaries Ring the Alarm on EU Copyright Filtering Proposal

Vint Cerf, Tim Berners-Lee, and Dozens of Other Computing Experts Oppose Article 13

As Europe's latest copyright proposal heads to a critical vote on June 20-21, more than 70 Internet and computing luminaries have spoken out against a dangerous provision, Article 13, that would require Internet platforms to automatically filter uploaded content. The group, which includes Internet pioneer Vint Cerf, the inventor of the World Wide Web Tim Berners-Lee, Wikipedia co-founder Jimmy Wales, co-founder of the Mozilla Project Mitchell Baker, Internet Archive founder Brewster Kahle, cryptography expert Bruce Schneier, and net neutrality expert Tim Wu, wrote in a joint letter that was released today:

By requiring Internet platforms to perform automatic filtering all of the content that their users upload, Article 13 takes an unprecedented step towards the transformation of the Internet, from an open platform for sharing and innovation, into a tool for the automated surveillance and control of its users.

The prospects for the elimination of Article 13 have continued to worsen. Until late last month, there was the hope that that Member States (represented by the Council of the European Union) would find a compromise.  Instead, their final negotiating mandate doubled down on it.

The last hope for defeating the proposal now lies with the European Parliament. On June 20-21 the Legal Affairs (JURI) Committee will vote on the proposal. If it votes against upload filtering, the fight can continue in the Parliament's subsequent negotiations with the Council and the European Commission. If not, then automatic filtering of all uploaded content may become a mandatory requirement for all user content platforms that serve European users. Although this will pose little impediment to the largest platforms such as YouTube, which already uses its Content ID system to filter content, the law will create an expensive barrier to entry for smaller platforms and startups, which may choose to establish or move their operations overseas in order to avoid the European law.

For those platforms that do establish upload filtering, users will find that their contributions—including video, audio, text, and even source code—will be monitored and potentially blocked if the automated system detects what it believes to be a copyright infringement. Inevitably, mistakes will happen. There is no way for an automated system to reliably determine when the use of a copyright work falls within a copyright limitation or exception under European law, such as quotation or parody.

Moreover, because these exceptions are not consistent across Europe, and because there is no broad fair use right as in the United States, many harmless uses of copyright works in memes, mashups, and remixes probably are technically infringing even if no reasonable copyright owner would object. If an automated system monitors and filters out these technical infringements, then the permissible scope of freedom of expression in Europe will be radically curtailed, even without the need for any substantive changes in copyright law.

The upload filtering proposal stems from a misunderstanding about the purpose of copyright. Copyright isn't designed to compensate creators for each and every use of their works. It is meant to incentivize creators as part of an effort to promote the public interest in innovation and expression. But that public interest isn't served unless there are limitations on copyright that allow new generations to build and comment on the previous contributions. Those limitations are both legal, like fair dealing, and practical, like the zone of tolerance for harmless uses. Automated upload filtering will undermine both.

The authors of today's letter write:

We support the consideration of measures that would improve the ability for creators to receive fair remuneration for the use of their works online. But we cannot support Article 13, which would mandate Internet platforms to embed an automated infrastructure for monitoring and censorship deep into their networks. For the sake of the Internet’s future, we urge you to vote for the deletion of this proposal.

What began as a bad idea offered up to copyright lobbyists as a solution to an imaginary "value gap" has now become an outright crisis for future of the Internet as we know it. Indeed, if those who created and sustain the operation of the Internet recognize the scale of this threat, we should all be sitting up and taking notice.

If you live in Europe or have European friends or family, now could be your last opportunity to avert the upload filter. Please take action by clicking the button below, which will take you to a campaign website where you can phone, email, or Tweet at your representatives, urging them to stop this threat to the global Internet before it's too late. 

TAKE ACTION

Categories: Privacy

The ENCRYPT Act Protects Encryption from U.S. State Prying

It’s not just the Department of Justice and the FBI that want to undermine your right to private communications and secure devices—some state lawmakers want to weaken encryption, too. In recent years, a couple of state legislatures introduced bills to restrict or outright ban encryption on smartphones and other devices. Fortunately, several Congress members recently introduced their own bill to stop this dangerous trend before it goes any further.

The bill is called the ENCRYPT Act. EFF gladly supports it and thanks Representatives Ted Lieu (D-CA), Mike Bishop (R-MI), Suzan DelBene (D-WA), and Jim Jordan (R-OH) for sponsoring and co-sponsoring the bill.

Encryption—the technology used to secure data on phones and computers and keep digital messages safe from eavesdroppers—is under threat around the world. In the U.S., some of those threats have come from the Department of Justice and FBI, which want technology companies to purposefully and irresponsibly weaken encryption so that law enforcement can more easily get their hands on the contents of encrypted data and messages.

But the threats have come from individual U.S. states, too.

Two years ago, lawmakers in California and New York introduced statewide legislation that would’ve significantly limited their residents’ access to encrypted devices and services. In California, for example, Assembly Bill 1681 would have originally required that any smartphone sold in the state be “capable of being decrypted and unlocked by its manufacturer or its operating system provider.” To help compel this, manufacturers could have been subject to fines of $2,500 for every non-compliant device sold in the state.

This piecemeal approach to encryption is not just wrong-headed, it simply won’t work. If state legislatures individually meddle with encryption policy, we could see a landscape where Illinois residents can buy the latest iPhone and download messaging apps like Signal and WhatsApp, but Californians can’t. But the California and New York state bills, intended to help law enforcement catch criminals, ignored the reality that people could still cross into states where the technology is unrestricted to purchase encrypted devices. What’s more, it would be trivially easy for anyone to download encrypted messaging apps online, regardless of state laws.

The ENCRYPT Act would make sure this scenario doesn’t come to pass. In fact, the bill was originally introduced in 2016 as a bulwark against the California and New York state bills—both of which failed on their own.

The ENCRYPT Act would prevent U.S. states and local governments from compelling companies to weaken their encrypted products or store decryption keys for use on demand by law enforcement. It would also prevent states from prohibiting the sale and offering of certain devices and services based solely on their encryption capabilities. That means everyone across the United States, no matter what state they live in, could have equal access to strong encryption.

Of course, there are threats to encryption at the federal level as well, which is why EFF also supports the Secure Data Act. The Secure Data Act, which also has bipartisan sponsorship, would act as a perfect complement to the ENCRYPT Act by prohibiting courts and federal agencies from mandating weakened encryption or otherwise intentionally introducing security vulnerabilities. Together, the two bills would go a long way toward ensuring that strong encryption remains free of government interference in the United States.

In the meantime, the ENCRYPT Act gets encryption policy right. Your zip code shouldn’t determine your digital security.

Categories: Privacy

What to Watch for in an Internet Without Net Neutrality (And How To Stop It)

On Monday, June 11, the FCC's rollback of net neutrality rules goes into effect, but don't expect the Internet to change overnight.

We still have promising avenues to restore net neutrality rules, meaning that Internet Service Providers need to be careful how much ammunition they give us in that political fight. If they're overt about discrimination or gouging customers they increase the chance that we'll succeed and restore binding net neutrality rules.

Much like the ten years before the Open Internet Order in 2015, ISPs are still disciplined by the threat of regulation if they generate too many examples of abuse.

What will happen, though, and what we have already seen under the Trump FCC, is that ISPs play games at the margins. Both landline and mobile ISPs with data caps have already been pushing customers to particular services and media with zero-rating and throttling. And they've been pushing hard to stick us all in slow lanes unless the sites we visit pay protection money -- Verizon even told federal judges it would do this if there were no net neutrality rules.

ISPs stand to gain from creating artificial scarcity -- reducing the available bandwidth to reach their customers so they can make people bid for the privilege. We know this because they turn down offers to build up the infrastructure that would prevent congestion, as when Netflix offered to build a content delivery network for Comcast, for free. Comcast refused and was ultimately able to use congestion to force Netflix to pay up.

Removing net neutrality won't lead to more investment but rather less, because it means ISPs have the option of auctioning off limited access to customers.

You can look forward to an Internet that's slower when you're trying to visit less popular sites, and where online services get a bit more expensive because they have to pay protection money to the ISPs. It will be harder for new companies to come in and compete with the ones that paid for fast lanes, and the nonprofit information resources on the web will be harder to use.

It's not going to be a flashy apocalypse; it will be a slow decline into the Internet of ISP gatekeeping, and you probably won't even know what neat services and helpful resources you're missing. And one day, when the ISPs are secure in their victory, they'll test the waters and see if you'll pay extra to access anything that's not Facebook, or Comcast's video platform, or AT&T's paying partners.

There's still time to avoid this future, though. We won in the Senate and now it's time for the House of Representatives to vote to reinstate the Open Internet Order and protect the neutral, vibrant Internet.

Take Action

Save the net neutrality rules

Categories: Privacy

Facebook Has A Consent Problem—And The Solution Starts With Transparency

Last week, the New York Times and others reported that Facebook allowed hardware companies, including some in China, access to a broad range of Facebook users’ information, possibly without the users’ knowledge or consent. This included not only a given user’s personal information, but also that of their Facebook friends and friends-of-friends.

Right now, it's unclear precisely how much Facebook user data was shared through partnerships with third-party hardware manufacturers—but it is clear that Facebook has a consent problem. And the first step toward solving that problem is greater transparency about the full extent of Facebook’s data-sharing practices.

It might be tempting to think that the solution is for Facebook to cut off third-party hardware manufacturers and app developers entirely, but that would be a mistake. The solution to this latest issue is not to lock away user information. If we choose that as our aim, we risk enshrining Facebook as the sole guardian of its users’ data and leaving users with even less power to use third-party tools that they do trust to explore the data held by Facebook and hold the company accountable.

The solution to this latest issue is not to lock away user information from third parties entirely.

Instead, the problem is Facebook’s opacity about its data sharing practices. Facebook should have made available a list of all the third parties that might have had access to users’ data even after those users made clear they did not want their data shared. Facebook said that its agreements with device partners “strictly limited use of [user] data, including any stored on partners’ servers,” but more transparency is necessary if Facebook is to gain users’ informed consent and fulfill their right to know who has their personal data.

Understanding how this happened—and why the resolution should be transparency, not locking away data—requires a brief smartphone history lesson. About 10 years ago, app stores did not exist, and apps like Facebook were not widely available on most phones and mobile operating systems. To get Facebook on more phones, the company built “device-integrated” APIs that allowed device manufacturers to write and serve their own version of Facebook-like experiences for their users. Over the past decade, Facebook partnered with about 60 device manufacturers for this purpose—but the scope of these partnerships had not been fully reported until now.

The revelations of Facebook’s device partnerships seem to be inconsistent with reasonable interpretations of Facebook’s privacy settings and recent API changes, announcements, and even congressional testimony in the wake of Cambridge Analytica. The New York Times report also questions whether the sharing agreements violate a 2011 consent decree Facebook reached with the FTC, which required Facebook to get explicit consent before changing the way it shares users’ data.

Facebook changed its Graph API in 2015 to limit third-party developers’ access to users’ friends’ and friends-of-friends' data. But even after that change, device manufacturers—another type of third party—could still obtain data about a user’s Facebook friends and friends-of-friends, even those who had changed their settings to ostensibly prevent third-party sharing. In response to allegations that this violates the FTC consent decree, Facebook pointed out a difference in the legal consent requirements when sharing user friend data with third-party “developers” as opposed to with third-party “service providers.”

But to users, this is just a new twist on Cambridge Analytica: Facebook has shared our and our friends’ information with third parties without our knowledge or consent, and we only learn about it after the genie is already out of the bottle.

Protecting user privacy on a networked service poses a unique challenge—and Facebook has consistently failed to rise to that challenge. Much of the value of using Facebook comes from being able to see and engage with information from friends, raising the question of who must reasonably consent to what kind of sharing and to what degree. Until Facebook can navigate user expectations around meaningful, informed, ongoing consent and the transparency that requires, the company will continue to face these scandals and users’ trust in it will continue to diminish.

Categories: Privacy

California Can Lead the Way in Open Access

There’s a bill in the California legislature that would be a huge win for open access to scientific research. The California Assembly recently passed A.B. 2192 unanimously. We hope to see it pass the Senate soon, and for other states to follow California’s lead in passing strong open access laws.

Under A.B. 2192, all peer-reviewed, scientific research funded by the state of California would be made available to the public no later than a year after publication. Under current law, research funded by the California Department of Public Health is covered by an open access law, but that provision is set to expire in 2020. A.B. 2192 would extend it indefinitely and expand it to cover research funded by any state agency.

A.B. 2192 is a huge step in the right direction. When scientific research is available only to people with access to expensive journal subscriptions or subscription-based academic databases, it puts those without institutional connections at a severe disadvantage.

When EFF’s Ernesto Falcon testified to the CA Assembly on A.B. 2192, he pointed out that locking science behind a paywall often has the unintended consequence of keeping that research out of the hands of the people who most need it.

In 2012 Malaria researcher Bart Knols noted that while western societies had made great advances in treatments for malaria, it was slow going in sub Sahara Africa. The cause for this disparity? More than half of the requisite information researchers needed for treatments was locked behind a paywall (while the other half was free to access). Researchers and medical professionals in some of the most impoverished parts of the world simply could not make use of the knowledge that had already been established.

While the California bill would be a big win for open access, it leaves a few things to be desired. Under the bill, grantees would be required to put their works in a state-provided open access repository within a year of publication. An earlier version of the bill set that embargo period at six months, but it was changed to a year under pressure from lobbyists.

It’s not a coincidence that the 12-month embargo matches the one set by most federal agencies that fund scientific research: since 2013, when the White House directed government agencies to adopt open access policies, publishers have largely fallen in line with the one-year embargo period. (We’ve also been advocating for years that Congress pass a bill to lock the U.S. government’s open access policies into law.)

But let’s face it: science moves quickly and a one-year embargo is simply too long. In our letter to the Legislature about A.B. 2192, we urged lawmakers to find ways to find ways to ensure that more state-funded research is published under a gold open access model; that is, published in open access journals, available to the public with no fee:

EFF recommends the legislature also consider additional ways to ensure that more state-funded research becomes available to the public immediately upon publication, not just within the six-month embargo period the bill permits. In the fast-moving world of scientific research, a six-month embargo can put scientists without access to paid repositories at a severe disadvantage. One way to achieve that goal would be to require that publications be either shared in a public repository upon publication or published in an open access journal, similar to the University of California system’s excellent open access policy.

We also urged the legislature to consider passing an open licensing requirement for the research that it funds. Requiring that grantees publish research under a license that allows others to republish, remix, and add value ensures that the public can get the maximum benefit of state-funded science.

We hope to see A.B. 2192 pass quickly and become a model for similar open access laws in other states.

Categories: Privacy

Even Though Net Neutrality Protections Are Ending, Congress Can Still Bring Them Back

June 11, 2018 is the day that the FCC’s so-called “Restoring Internet Freedom Order” goes into effect. This represents the FCC’s abdication of authority in upholding the hard-won net neutrality protections of the 2015 Open Internet Order. But this does not mean the fight is over.

While the FCC ignored the will of the vast majority of Americans and voted not to enforce bans on blocking, throttling, and paid prioritization, it doesn’t get the final say. Congress, states, and the courts can all work to restore these protections. As we have seen, net neutrality needs and deserves as many strong protections as possible, be they state or federal. ISPs who control your access to the Internet shouldn’t get to decide how you use it once you get online.

Three states (Oregon, Washington, and Vermont) have passed state net neutrality laws. Six more (Hawai’i, Montana, New Jersey, New York, Rhode Island, and Vermont) have executive orders doing the same. Overall, 35 states have some form of net neutrality protections in the works.

Congress can overturn the FCC’s decision and reinstate the 2015 Open Internet Order with a simple majority vote under the Congressional Review Act (CRA). It passed the Senate on May 16 by a vote of 52-47. So now we have to ask the House of Representatives to follow suit. Even though House leadership has said they will not schedule a vote, one can still be called if a majority of representatives sign a discharge petition.

You can see where your representative stands and email them to support the CRA here. Now that the FCC repeal is in effect, we need to tell the House to restore protections and keep large ISPs from changing how we use the Internet.

Take Action

Save the net neutrality rules

Categories: Privacy