Category Archives: Internet

EFF Applauds Senate Email and Location Privacy Bill

by News on July 27, 2017, no comments

Congress Must Enact ECPA Reform Legislation This Year

EFF applauds Sen. Mike Lee (R-UT) and Sen. Patrick Leahy (D-VT) for today introducing the ECPA Modernization Act of 2017 to protect user privacy in cloud content and geolocation information. As part of a congressional effort to reform the Electronic Communications Privacy Act, the Senate bill complements the Email Privacy Act (H.R. 387), which the House passed in February 2017 by voice vote—the second time the House has passed this legislation with overwhelming bipartisan support.

EFF supports these bills and urges Congress to enact ECPA reform legislation this year.

Both the House and Senate bills require law enforcement to obtain a probable cause warrant from a judge to access private content stored by third-party service providers. This would codify the 2010 Sixth Circuit Court of Appeals decision in Warshak v. United States, which held that the government violated the Fourth Amendment when it obtained emails stored by a third-party service provider without a probable cause warrant. This would also be consistent with the 2015 Ninth Circuit Court of Appeals decision in United States v. Kitzhaber, which held that the defendant had a reasonable expectation of privacy in his emails stored by a third-party service provider.

Additionally, the Senate bill:

  • Requires the government to obtain a probable cause warrant from a judge to access geolocation information stored by third-party service providers;
  • Requires the government to notify a user when it obtains a warrant to access the user’s cloud content or stored geolocation information;
  • Requires the government to obtain a probable cause warrant from a judge in order to acquire real-time geolocation information, for example, via a cell-site simulator (a.k.a., IMSI catcher or Stingray) or GPS tracking device. This is consistent with the 2012 U.S. Supreme Court decision in United States v. Jones, in which five justices agreed that ongoing electronic surveillance by the government of an individual’s movements implicates that individual’s reasonable expectation of privacy.
  • Provides a suppression remedy if the government accesses cloud content or stored or real-time geolocation information without a warrant or otherwise in violation of the law. This means that a court can deem such data inadmissible as “evidence in any trial, hearing, or other proceeding in or before any court, grand jury, department, officer, agency, regulatory body, legislative committee, or other authority of the United States, a State, or a political subdivision thereof.”
  • Heightens the standard for the government to obtain a pen register order (to capture numbers dialed) or trap-and-trace order (to track an incoming caller) from a court.

The Senate bill thus embodies the first three principles of the Digital Due Process coalition, a diverse group of civil liberties non-profits (including EFF), technology companies, trade associations, and others that support ECPA reform.

However, the Senate bill isn’t perfect. For example, we would prefer that the government be required to provide notice to a user after it obtains real-time geolocation information. The bill does not explicitly require this. While Federal Rule of Criminal Procedure 41(f)(2)(C) requires after-the-fact notice, a statutory notice mandate would preempt attempts to amend the court rules.

The time for ECPA reform is long overdue. ECPA was first passed in 1986 and provides modest privacy protections against government access to electronic communications and content stored by third-party service providers—and it doesn’t even contemplate geolocation information.

The law has not kept pace with advances in technology and the habits of users. With the rise of cloud computing, individuals have come to rely on technology companies to store private emails, text messages, social media posts, photos and other documents, often indefinitely. While such content might contain the most personal of thoughts and details about an individual, many users do not realize that an email stored on a Google or Microsoft server has less protection than a letter sitting in a desk drawer at home. And users often can’t control how and when their whereabouts are being tracked by technology.

We urge Congress to act quickly to enact ECPA reform legislation, which would provide critical privacy protections for users of modern technology without unduly hindering law enforcement.

Related Cases:

How Threats Against Domain Names Are Used to Censor Content

by News on July 27, 2017, no comments

Today EFF and Public Knowledge are releasing a whitepaper titled Which Internet registries offer the best protection for domain owners? Top-level domains are the letters after the dot, like .com, .uk, .biz, or .mobi. Since 2003, hundreds of new top-level domains have come onto the market, and there has never been more choice for domain name registrants. But apart from choosing a name that sounds right and is easy to remember, a domain name registrant should also consider the policies of the registry that operates the domain, and those of the registrar that sells it to them.

Trademarks

To draw one example of out of our whitepaper, if you’re running a website to criticize an established brand and you use that brand as part of your domain name, it may be wise to avoid registering it in a top-level domain that offers special rights and procedures to brand owners, that could result in your domain name being wrongly taken away or could embroil you in dispute settlement proceedings.

This probably means you’ll want to think twice about registering in any of the newer global top-level domains (gTLDs), which provide brand owners access to a privately-run Trademark Clearinghouse that gives them veto powers that go far beyond those they would receive under the trademark law of the United States or those of most other countries.

For example, under U.S. trademark law, if a trademark applicant sought to register an ordinary word such as smart, forex, hotel, one, love, cloud, nyc, london, abc, or luxury, they would have to specify the category of goods or services they provide, and protection for the mark might only be extended to its use in a logo, rather than as a plain word. Yet each of the plain words above has been registered in the Trademark Clearinghouse, to prevent them being used in any of the new gTLDs without triggering a warning to prospective registrants about possible infringement.

This applies regardless of whether the planned usage covers the same category of goods or services as the original trademark—indeed there isn’t even any way for the registrant to find out what that category was, or even which country accepted the mark for registration, because the contents of the Trademark Clearinghouse database are secret. And since 94% of prospective registrants abandon their attempted registration of a domain after receiving a trademark warning, this has a drastic chilling effect on speech.

EFF is currently participating in an ICANN working group fighting to ensure that brand owners’ veto rights aren’t extended even further (for example to catch domains that include typos of brand names), and to prevent these outrageous rules being applied to older gTLDs such as .com, .net, and .org. But for now, you can minimize your exposure to trademark bullying by avoiding registering your website in one of the new domains that is subject to these unfair policies. Our whitepaper explains what to look for.

Copyright

The same considerations apply if you’re setting up a website that could fall subject to bullying from copyright holders. In this category, we draw attention to the policies of registries Donuts and Radix that have established private deals with the Motion Picture Association of America (MPAA) appointing it as a “trusted notifier” to initiate a registry-level take down of websites that it claims are engaged in extensive copyright infringement.

Our whitepaper illustrates why remedies for copyright infringement on the Internet should not come from the domain name system, and in particular should not be wielded by commercial actors in an unaccountable process. Organizations such as the MPAA are not known for advancing a balanced approach to copyright enforcement.

To avoid having your website taken down by your domain registry in response to a copyright complaint, our whitepaper sets out a number of options, including registering in a domain whose registry requires a court order before it will take down a domain, or at the very least one that doesn’t have a special arrangement with the MPAA or another special interest for the streamlined takedown of domains. For example, it was recently reported that the registry for Costa Rica’s .cr domain has been resisting extralegal demands from the U.S. Embassy to delete the domain “ThePirateBay.cr” without a court order.

Overseas Regulations

Copyright and trademark disputes aren’t the only grounds on which domain name registries can be asked to suspend or cancel your domain name. They are also frequently asked to do this because the website associated with the domain is hosting content or selling products that are unlawful or against their acceptable use policies. That’s why it’s important to know what those policies are, how and by whom a breach of those policies is decided, and what national law or laws are taken into consideration. An appendix to our whitepaper breaks this down.

EFF’s default position, drawn from the Manila Principles on Intermediary Liability, is that the only way that a registry should be forced to take down a domain because of illegal content on a website is if that determination is made by a court. And if the takedown is for a terms of service violation rather than for a violation of law, the registrant ought to be entitled to due process, including in most cases a right to be heard before any action is taken.

Online pharmacies are an example of a type of website that attracts a lot of pressure upon registries to remove domains without a court order. (LegitScript, a contractor to major U.S. drug companies, regularly boasts about the thousands of websites it has caused to be suspended through its shadowy partnerships with domain registries and registrars.) In cases of the worst of these websites, those that openly sell drugs such as opioids without prescription, their readiness to proactively enforce their acceptable use policies is understandable.

Unfortunately however, just as it is a mistake to partner with the MPAA over copyright enforcement, it is a mistake to partner with Big Pharma in enforcing pharmaceutical licensing regulations. This results in overreaching enforcement that blocks even legitimate, locally-regulated online pharmacies throughout the world, principally based of the laws of just one country (the USA) that prohibits overseas online pharmacies from selling to U.S. citizens. (Access to medicines activists have proposed a more nuanced set of principles on medicine sales online.)

Extending this example, we would never accept Internet registries being pressured to apply Russia’s anti-LGBT laws, nor the Turkish or Thai laws against criticism of those countries’ leaders, to take domains down globally. And there a whole host of such laws that might apply to a domain that a registrant might innocently register, in full compliance with the laws of their own country. Our whitepaper explains how they can minimize the risk of their domain being taken down globally because it may infringe some other country’s national law.

Registrant Privacy

Finally, our whitepaper explains how some registries and registrars do a better job at protecting the privacy of domain name registrants than others. For example, there are country-code domains that don’t provide public access to registrants’ information at all, and some registrars that offer registrants a free privacy proxy registration service. For those that don’t offer such a service for free, such proxy registration services are also commercially available to increase the privacy of your registration in any top-level domain.

No matter whether your priority is to protect your domain against trademark or copyright bullies or overseas speech regulators, or to protect the privacy of your personal information, our whitepaper also outlines an often-overlooked option: to host your website as a Tor hidden service. A Tor hidden service is a website with a special pseudo-domain .onion, which makes it more much resilient to censorship than an ordinary website, and if the website operator chooses, also more anonymous. The downside of this is that it can only be accessed by users using the Tor browser, so it may not be the best choice for a domain that is meant to be accessible to a large audience.

The domain names we use to connect to websites and Internet services are one of the weak links for free speech online: a potential point of control for governments and businesses to regulate others’ online speech and activity. Choosing top-level domains carefully is one step you can take to protect your rights.

Throttling on Mobile Networks Is a Sign of Things to Come, Unless We Save Net Neutrality Now

by News on July 27, 2017, no comments

Major mobile carriers are slowing down video streams, a net neutrality violation that heralds things to come if they get their way and roll back legal protections against data discrimination.

Recent reports on Reddit from Verizon Wireless customers have drawn attention to video streams being throttled, which Verizon claimed were caused by a temporary test of a new video “optimization” system. If that sounds familiar, it’s because it’s not the first time a carrier has throttled certain content sources while claiming to optimize them.

We’ve previously reported on how T-Mobile tried to pass off throttling as optimization with their Binge On “feature.” T-Mobile’s Binge On has evolved since we last wrote about it, but hasn’t abandoned throttling: it now throttles video for customers on their unlimited plan, and charges them extra to not be throttled, which is also against the principles of net neutrality.

Similarly, AT&T makes use of a “just-in-time” delivery technique (aka “Buffer Tuning”) for video streams. The carrier explains that with just-in-time, “a sufficient amount of video is delivered to the device so that the user can start viewing the video, and the remainder of the video is delivered just in time to the device as needed for uninterrupted viewing.” But using just-in-time means the video will stop playing more quickly if you lose reception, rather than larger portions being buffered in advance as they would on a neutral network that wasn’t observing and throttling your traffic. Although AT&T claims that just-in-time delivery helps customers by stopping them from paying for data they don’t actually use, it doesn’t give customers the choice to disable this “feature.” Sprint also makes use of the neutrality-violating just-in-time technique.

Right now, these throttling technologies seem to be used to slow down video data generally, rather than to favor the ISP’s content over competitors, but it is a trivial matter to flip that switch and make the net neutrality violation more serious, and more harmful to competition and speech.

Net neutrality allows carriers to engage in “reasonable network management,” but throttling a class of traffic does not satisfy this standard. A more reasonable technique (that Sprint also employs) is transcoding, a technique where the quality of the stream is modified in real time to match the network’s condition. For example, if the network slows down, the video quality decreases so as to still be able to deliver video at the same rate, and vice versa.

We’ve reached out to Verizon asking for more details about the “optimization” tests it’s running. Since optimization is a technical term which implies attempting to tune a system to maximize or minimize specific measurable criteria, we’re wondering what those criteria are and if Verizon will share them with the subjects of its tests. Also, given that mobile carriers have historically had trouble differentiating between streaming video traffic and other uses of their networks, we’re curious what technical means Verizon is using to identify video, and what steps it’s taken to make sure other uses aren’t affected.

Rolling back net neutrality rules could open the door to many unfair practices like site blocking and throttling. While we can’t predict exactly what changes carriers will make, it’s alarming to see them already rolling out throttling infrastructure. Without net neutrality protections, little will stop them from using that same infrastructure to discriminate against competitors, speech they dislike, or your favorite app.

TAKE ACTION

Stand up for net neutrality

Crossing the U.S. Border? Here’s How to Securely Wipe Your Computer

by News on July 26, 2017, no comments

Many people crossing the U.S. border are concerned about the amount of power that the government has asserted to search and examine travelers’ possessions, including searching through or copying contents of digital devices, like photos, emails, and browsing history. The frequency of these intrusive practices has been increasing over time.

Some travelers might choose to delete everything on a particular device or disk to ensure that border agents can’t access its contents, no matter what. Our 2017 guide for travelers addressed this option, but did not give detailed advice on how to do it, because we think most travelers won’t consider it their best option. Before embarking on wiping your computers, please read our guide to understand your legal rights at the U.S. border.

We don’t recommend disk wiping as a border crossing security measure for most travelers. It’s a less common data protection technique than the other ones highlighted in our guide, which include encryption and minimizing data that you carry. Wiping your computer will make it unusable to you. Also, it may draw the attention of border agents, since it is unusual for travelers to carry blank devices with them. This may be of particular concern to travelers who are not U.S. citizens, who may receive more scrutiny from border agents. Again, you should consider your risks and security needs carefully before deciding how best to secure your data for border crossings as everyone’s individual risk factors and data security needs are different.

Now that you’ve been sufficiently cautioned, let’s look closely at wiping your computers.

Why Wipe?

Why might you want to want to wipe a disk instead of just deleting individual files, messages, and so on? The main reason is what can happen if a device is seized. Forensic inspection of a seized device with special software tools can recover significant amounts of deleted information and references to individual files and software that have previously been removed. Wiping your disk entirely is a valuable means of protecting data against such a forensic examination, and also not having to make individual decisions about whether to erase particular things.

It’s also important if you want to make sure photos or videos are truly deleted from a camera or phone’s SD card, since these devices rarely delete media securely.

A laptop can wipe its own hard drive, or removable storage media like USB drives or SD cards, by overwriting the contents. One method of doing this is formatting the storage medium, but note that this term is applied to two very different processes. Only “low-level formatting” (also called “secure formatting” or “formatting with overwriting”) actually erases the hard drive by overwriting data. “Quick format” or “high-level format” does not do so, and is thus less secure. Formatting tools let you choose between a quick format and a secure overwriting format. For data destruction, always choose a secure overwriting format.

You should already have built-in tools that can perform a low-level format or wipe a hard drive, or you may download third-party tools to do this. Below are some steps you can take with major computer operating systems to wipe your devices or removable media. Keep in mind that after wiping a hard drive, you may need to reinstall the operating system before you can use the device again.

One consideration when wiping computer media is the limited ability to delete data on solid-state drives (SSDs) ubiquitous in modern computers, including flash-based removable media as well as internal SSD hard drives. Because of a technology called wear leveling, overwriting may not reliably delete these kinds of storage media in full. This technology tries to spread out where things are stored to prevent any one part of the storage medium from being used more than another part. Researchers have shown that overwriting a single file on an SSD often doesn’t destroy that file’s contents; even after the entire device has been overwritten, wear leveling may leave a small random portion of the data on these media in a recoverable form. There are software vendors that promise to securely delete SSDs, but it is still not clear to us whether this can be done reliably to make the information completely unrecoverable. Encrypting your SSD may be the best way to prevent access to the information on the drive, though of course you have to do that ahead of crossing the border.

Windows

The built-in Disk Management tool can format removable media (be sure to uncheck the “Perform a quick format” option). It will not format the built-in hard drive if the computer was started from it. Formatting the built-in hard drive requires starting the computer from a bootable CD or USB drive, such as DBAN, described briefly below.

macOS

The built-in Disk Utility tool can format external storage media (be sure to click “Security options” and select “Most secure”) and the built-in hard drive. Like its Windows equivalent, it will not format the built-in hard drive if the computer was started from it. To erase the built-in hard drive, access recovery utilities, which includes the Disk Utility, by pressing ⌘R while the system is starting up. Unlike opening Disk Utility on an already-running computer, this approach will permit erasing the built-in hard drive.

Linux

Most Linux distributions have a built-in disk utility that can format either removable media or the built-in hard drive. For GNOME environments, open GNOME disk utility (or “Disks”), select a particular partition, then click the gear icon and then “Format partition…” Remember to select “Overwrite existing data with zeroes.” Note that formatting a hard drive partition that’s used to boot your operating system will make your computer unbootable until an operating system is reinstalled.

ChromeOS

To restore your ChromeOS machine to its factory state, you can make use of the “Powerwash” feature. Powerwash deletes all the locally stored user data on the device, but not things that have been backed up to Google’s cloud.

A More Complex Method

If you want to completely erase the contents of your built-in hard drive by overwriting, the most reliable option may be to download a bootable data erasure tool like DBAN. The DBAN image file needs to be downloaded and written onto a USB drive or CD-ROM; then the computer is booted from the medium containing DBAN, which gives an option to overwrite the hard drives. DBAN works independently of the operating system installed on the device, but you should exercise caution as using DBAN correctly requires following directions precisely.

Take Action

Want to learn more about how to protect your digital data when you cross the U.S. border? See EFF’s full guide. You can also download and print our pocket guide for defending privacy at the U.S. border and our one-page overview of the law at the border.

It’s sad that travelers have to worry about elaborate defensive measures to prevent border agents from snooping through their devices for no particular reason at all. Concerned about border agents running roughshod over our rights? There’s a bill in Congress that aims to fix this. Tell your elected representatives to rein in CBP.

TAKE ACTION

Speak up for border privacy

Related Cases:

EFF Asks Court to Strike Down Unconstitutional Restraint on Our Speech

by News on July 24, 2017, no comments

EFF has asked a federal court to rule in its favor in a lawsuit we filed against an Australian company that sought to use foreign law to censor us from expressing our opinion about its patent. While the company, Global Equity Management (SA) Pty Ltd (GEMSA,) knows its way around U.S. courts—having filed dozens of lawsuits against big tech companies claiming patent infringement—it has failed to respond to ours. Today we asked for a default judgment, which if granted means we win the case.

It all started when GEMSA’s patent litigation was featured in our June 2016 blog series “Stupid Patent of the Month.” The company wrote to EFF accusing us of “false and malicious slander.” It subsequently filed a lawsuit and obtained an injunction from a South Australia court ordering EFF to take down the blog post and blocking us from ever talking about any of its intellectual property.

We have not removed the post. The South Australian injunction can’t be enforced in the U.S. under a 2010 federal law that took aim against “libel tourism,” a practice by which plaintiffs—often billionaires, celebrities, or oligarchs—sued U.S. writers and academics in countries like England where it was easier to win a defamation case.

The Securing the Protection of Our Enduring and Established Constitutional Heritage Act (SPEECH Act) says foreign orders aren’t enforceable in the United States unless they are consistent with the free speech protections provided by the U.S. and state constitutions, as well as state law. Our lawsuit, filed in U.S. District Court, Northern District of California, maintains that GEMSA’s injunction, which seeks to silence expression of an opinion, would never survive scrutiny under the First Amendment in the United States and should therefore be declared unenforceable. We stood ready to defend our right to express constitutionally protected speech.

GEMSA, which has three pending patent lawsuits in in the Northern District of California, had until May 23 to respond to our case. That day came and went without a word. We can’t speculate as to why GEMSA hasn’t responded. To get a default judgment, we need to show that not only has GEMSA failed to answer our claims but also, regarding our claim that the South Australia injunction is unenforceable in the U.S., the law is on our side.

We believe that we should prevail. The law does not allow companies or individuals to make an end run around the First Amendment by finding a judge in another country to sign an injunction that censors speech in the U.S. The law the Australian court applied to grant the injunction didn’t provide as much protection for EFF’s speech as American law, which means it’s unenforceable under the SPEECH Act. Additionally, the injunction is unconstitutional under American law as it prohibits all future speech by EFF about any of GEMSA’s patents. Such prohibitions are also known as prior restraints, and are allowed only in the rarest of circumstances, none of which apply here.

Our laws also don’t allow plaintiffs to be left under a cloud of uncertainty as to their ability to speak publicly about something as important as patent litigation and reform. The Australian injunction states that failure to comply could result in the seizure of EFF’s assets and prison time for its officers. GEMSA attorneys have threatened to take the Australian injunction to American search engine companies to deindex the blog post, making the post harder to find online.

The court should set the record straight and grant our request for a default judgment. Our laws call for no less.

Global Condemnation for Turkey’s Detention of Innocent Digital Security Trainers

by News on July 24, 2017, no comments

The detention of a group of human rights defenders in Turkey for daring to learn about digital security and encryption continued last week with a brief appearance of the accused in an Istanbul court. Six were returned to jail, and four released on bail. In an additionally absurd twist, the four released activists were named in new detention orders on Friday, and are now being re-arrested.

Among those currently being held in jail are Ali Gharavi and Peter Steudtner, digital security trainers from Sweden and Germany, who had traveled to Turkey to provide online privacy advice for a conference of human rights defenders. The meeting was raided by Turkish police on July 5, and appears to be the sole basis for the prosecution.

The court charged Gharavi and Steudtner with “committing crimes in the name of a terrorist organization without being a member.” Their co-defendants include Idil Eser, the Director of Amnesty Turkey, Veli Acu and Günal Kurşun of the Human Rights Agenda Association, and Özlem Dalkıran of the Helsinki Citizens’ Assembly. Four others were released on bail, but new detention orders against them were announced on Friday, with two re-arrested over the weekend.

Gharavi and Steudtner have worked for many years in the global human rights community, providing advice about digital security and online well-being. Ali helped EFF with its Surveillance Self-Defence Guides, and has held key technology roles at the Center for Victims of Torture and Tactical Tech. Steudtner’s expertise was in holistic security, which combined technical training with his pacifist, non-violent principles.

When asked about the arrests, Turkey’s President Recep Tayipp Erdogan said that the group had “gathered for a meeting which was a continuation of July 15,” referencing the date of the attempted coup against him in 2016. The government has used the coup as a justification for the subsequent mass arrests of over 50,000 people including journalists, academics, judges and, most recently, technologists.

Strong digital security helps everyone; learning about encryption is not a sign of criminal activity. The Turkish authorities and media have continued, nonetheless, to tie the use of secure communications tools to the coup. A report in the conservative Islamist paper Yeni Akit declared that the detainees had secret government documents, and used the mobile communications app “ByLock” to stay in contact with groups connected to the coup. ByLock is a known insecure app that is largely unknown outside of Turkey and has been widely criticised by digital security experts. It is profoundly unlikely that Gharavi or Steudtner used it. Use of ByLock was also the sole reason the Turkish police gave for the arrest of Amnesty’s Chair, Taner Kiliç, last month.

The condemnation of the Turkish courts’ actions has been swift. U.S. State Department spokesperson Heather Nauert said the U.S. “strongly condemns the arrest of six respected human rights activists and calls for their immediate release,” and urged Turkey to drop the charges, which it said undermine the country’s rule of law.

Eliot Engel, the U.S. House of Representatives’ ranking member on the Foreign Affairs committee, said that “The arrest of these brave men and women is unacceptable, and the latest example of the erosion of democracy in Turkey… I call on Turkish authorities to release Idil Eser and her fellow activists without delay or condition, and Secretary Tillerson must make this a top priority in his engagement with Turkey’s government.”

Sweden’s Foreign Minister, Margot Wallstrom has called for the release of Gharavi, who is a Swedish national. “It is our understanding that Gharavi was in Turkey to participate in a peaceful seminar about freedom of the internet and we have urged Turkey to quickly clarify the grounds for the accusations against him,” she said in a statement.

Germany, Steudtner’s home country, has taken an even more forceful line. “We are strongly convinced that this arrest is absolutely unjustified,” German Chancellor Angela Merkel said, according to the DPA news agency. Germany’s Foreign Minister Sigmar Gabriel cut short a vacation to deal with the case, and summoned the Turkish Ambassador in Berlin, who was told “without diplomatic pleasantries” of Germany’s expectation that Steudtner and his colleagues should be released immediately. Gabriel later warned that “the case of Peter Steudtner shows that German citizens are no longer safe from arbitrary arrests,” and suggested that his continuing detention will lead to a “re-orienting” of German’s policy toward Turkey.

The baseless prosecution of these human rights defenders, including Peter and Ali, two innocent technologists from allies of Turkey, highlights the decline of Turkey’s democratic institutions. We continue to urge the Turkish authorities to listen to a chorus of countries and international organizations, and to free all ten victims of this profound injustice immediately.

RCEP Discussions on Ecommerce: Gathering Steam in Hyderabad

by News on July 24, 2017, no comments

Sixteen countries from Asia-Pacific are meeting in Hyderabad for the 19th round of the Regional Comprehensive Economic Partnership (RCEP) which takes place in India from 18-28 July, 2017. EFF is participating to advocate for improved transparency and openness in the negotiations, and to express our concerns about possible new rules on intellectual property and ecommerce that some countries are proposing for the agreement.

RCEP is a free trade agreement (FTA) aimed at broadening regional economic integration and liberalising trade and investment between the 10 ASEAN economies and its trading partners including Australia, China, India, Japan, Korea, and New Zealand. The total population covered by RCEP exceeds 3 billion, and with the combined GDP of about US$ 17 trillion accounting for about 40% of the world’s trade makes RCEP the biggest mega-regional trade agreement that is under negotiation.

The idea of RCEP was first introduced at an ASEAN Summit in 2011 and formal negotiations were launched in 2012. Over the last five years, the scope of the agreement has grown to include commitments for trade in goods and services, boosting economic and technical cooperation, and intellectual property. Worryingly, discussions on ecommerce issues including rules on software, data flows, and regulatory standards that have not been addressed in other trade mechanisms are also being included in the RCEP negotiations.

Reports suggest that Japan, Australia, South Korea, and New Zealand have been pushing for binding commitments from the RCEP members on ecommerce. A separate working group on ecommerce (WGEC) has been established with the aim of formalising a chapter on ecommerce in the final agreement. The agreement and the issues being negotiated are being kept confidential, however a few chapters drafts have been leaked including the ‘Terms of Reference (TOR)’ for the WGEC. WGEC members are hopeful of concluding the deal by year end which would include ‘liberalisation commitments’ and norms for ecommerce including provisions on investment, dispute settlement and competition.

The proposed elements for the TOR (for negotiations) are understood to include domestic regulatory frameworks for market access, customs duties on electronic transmission, non-discriminatory treatment of digital products, paperless trading, electronic signatures, digital certificates and online consumer protection issues such as storage and transfer of personal data protection and spam.

Controversial issues such as prohibition on requirements concerning the location of computing facilities and allowing cross-border transfer of information by electronic means are also expected to be included within the scope of the chapter. Further, countries including Australia and Japan have proposed making a permanent commitment to zero duties on digital transmissions, and prohibiting rules requiring on compulsory disclosure of source codes.

Given the secrecy of the negotiations, the lack of opportunities for public input in the process, and the complexity of issues involved, EFF convened an expert panel on ecommerce issues in the RCEP negotiations in Hyderabad. The public meeting was organised in partnership with the National Institute of Public Finance and Policy (NIPFP) and the National Law University of Law, Hyderabad. Speakers included Professor Ajay Shah (NIPFP), Parminder Jeet Singh (ItforChange) and Professor VC Vivekananda (Bennett University).

Panelists raised several issues including ensuring non-discriminatory treatment of digital products transmitted electronically and the need for guaranteeing that these products will not face government-sanctioned discrimination based on the nationality or territory in which the product is produced. Security risks associated with the prohibition of source code disclosure, and the costs of imposing measures that restrict cross-border data flows and or require the use or installation of local computing facilities were also raised by panelists.

The event was a success with negotiators from nine countries including Vietnam, Japan, Australia, New Zealand, Laos, Cambodia, South Korea and Thailand showing up for the meeting. Given that access for users at such negotiations is restricted the large number of negotiators showing interest was very encouraging. Understandably, the negotiators did not ask questions or participate in the discussions, however their interest in the issues is evident in WGEC members turning up for the panel. This is definitely an improvement on the previous negotiations where there has been limited participation from negotiators at similar events. We also received feedback that the WGEC would like to see specific issues being discussed in-depth including positive commitments that could be included.

EFF is maintaining a cautious and critical stance on the inclusion of e-commerce rules in RCEP, and the inclusion of similar rules in NAFTA, simultaneously being negotiated on the other side of the world. While it is possible to deal with e-commerce in a trade agreement in a balanced way that respects users’ rights, this is made unnecessarily difficulty when those rules are being negotiated in secret. Nonetheless, until a better way of engaging with negotiators exists, EFF will continue to provide our input through unofficial side events and bilateral meetings, because this is the best way that we can stand up for your rights in what remains an unfair and secretive process

Tell Congress: We Want Trade Transparency Reform Now!

by News on July 20, 2017, no comments

The failed Trans-Pacific Partnership (TPP) was a lesson in what happens when trade agreements are negotiated in secret. Powerful corporations can lobby for dangerous, restrictive measures, and the public can’t effectively bring balance to the process. Now, some members of Congress are seeking to make sure that future trade agreements, such as the renegotiated version of NAFTA, are no longer written behind closed doors. We urge you to write your representative and ask them to demand transparency in trade.

TAKE ACTION

Demand transparency in trade deals

Representative Debbie Dingell (D-MI) has today introduced the Promoting Transparency in Trade Act (H.R. 3339) [PDF], with co-sponsorship by Representatives Laura DeLauro (D-CT), Tim Ryan (D-OH), Marcy Kaptur (D-OH), Jamie Raskin (D-MD), Keith Ellison (D-MI), Raúl Grijalva (D-AZ), John Conyers (D-MI), Jan Schakowsky (D-IL), Louise Slaughter (D-NY), Mark DeSaulnier (D-CA), Dan Lipinski (D-IL), Chellie Pingree (D-ME), Brad Sherman (D-CA), Jim McGovern (D-MA), Rick Nolan (D-MN), and Mark Pocan (D-WI). Representative Dingell describes the bill as follows:

The Promoting Transparency in Trade Act would require the U.S. Trade Representative (USTR) to publicly release the proposed text of trade deals prior to each negotiating round and publish the considered text at the conclusion of each round. This will help bring clarity to a process that is currently off limits to the American people. Actively releasing the text of trade proposals will ensure that the American public will be able to see what is being negotiated and who is advocating on behalf of policies that impact their lives and economic well-being.

We wholeheartedly agree. Indeed, these are among the recommendations that EFF has been pushing for for some time, most recently at a January 2017 roundtable on trade transparency that we held with stakeholders from industry, civil society, and government. That event resulted in a set of five recommendations on the reform of trade negotiation processes that were endorsed by the Sunlight Foundation the Association of Research Libraries, and OpenTheGovernment.org.

A previous version of the Promoting Transparency in Trade Act was introduced into the previous session of Congress, but died in committee. Compared with that version, this latest bill is an improvement because it requires the publication of consolidated draft texts of trade agreements after each round of negotiations, which the previous bill did not.

Another of our recommendations that is reflected in the bill is to require the appointment of an independent Transparency Officer to the USTR. Currently, the Transparency Officer is the USTR’s own General Counsel, which creates an conflict of interest between the incumbent’s duty to defend the office’s current transparency practices, and his or her duties to the public to reform those practices. An independent officer would be far more effective at pushing necessary reforms at the office.

The Promoting Transparency in Trade Act faces challenging odds to make it through Congress. Its next step towards passage into law will be its referral to the House Committee on Ways and Means, and probably its Subcommittee on Trade, which will decide whether the bill will be sent to the House of Representatives for a vote. The Senate will also have to vote on the bill before it becomes law. The more support that we can build for the bill now, the better its chances for surviving this perilous process.

Passage of this bill may be the best opportunity that we’ll have to avoid a repetition of the closed, secretive process that led to the TPP. With the renegotiation of NAFTA commencing with the first official round of meetings in Washington, D.C. next month, it’s urgent that these transparency reforms be adopted soon. You can help by writing to your representative in Congress and asking them to support the bill in committee.

TAKE ACTION

Demand transparency in trade deals