The State of the Union: What Wasn’t Said (Electronic Frontier Foundation)

President Donald Trump’s first State of the Union address last night was remarkable for two reasons: for what he said, and for what he didn’t say.

The president took enormous pride last night in claiming to have helped “extinguish ISIS from the face of the Earth.”

But he failed to mention that Congress passed a law at the start of this year to extend unconstitutional, invasive NSA surveillance powers. Before it passed the House, the Senate, and received the president’s signature, the law was misrepresented by several members of Congress and by the president himself.

On the morning the House of Representatives voted to move the law to the Senate, the president weighed in on Twitter, saying that “today’s vote is about foreign surveillance of foreign bad guys on foreign land.”

Make no mistake: the bill he eventually signed—S. 139—very much affects American citizens. That bill reauthorized Section 702 original enacted as part of the FISA Amendments Act—a legal authority the NSA uses to justify its collection of countless Americans’ emails, chat logs, and browsing history without first obtaining a warrant. The surveillance allowed under this law operates largely in the dark and violates Americans’ Fourth Amendment right to privacy.

Elsewhere in his speech, the president trumpeted a future America with rebuilt public infrastructure. He foretold of “gleaming new roads, bridges, highways, railways, and waterways across our land.”

What the president didn’t say, again, is worrying. The president failed to mention that the Federal Communications Commission, now led by his personal choice in chairman, made significant steps in dismantling another public good: the Internet.

Last year, the FCC voted to repeal net neutrality rules, subjecting Americans to an Internet that chooses winners and losers, fast lanes and slow ones. The FCC’s order leaves Americans open to abuse by well-funded corporations that can simply pay to have their services delivered more reliably—and quickly—on the Internet, and it creates a system where independent business owners and artists are at a disadvantage to have their online content viewed by others.

And the president last night mentioned fair trade deals and intellectual property. He complimented his administration’s efforts in rebalancing “unfair trade deals that sacrificed our prosperity and shipped away our companies, our jobs, and our Nation’s wealth.” He promised to “protect American workers and American intellectual property through strong enforcement of our trade rules.”

Trump didn’t mention that the United States' demands for the copyright and patent sections of a renegotiated NAFTA closely mirror those of the TPP, with its unfair expansion of copyright law. It’s ironic that one of the TPP’s most vocal critics would seemingly champion one of its most dangerous components.

The president gave Americans a highlight reel last night about his perceived accomplishments. But he neglected to tell the full story about his first year in the White House.

As civil liberties are threatened and constitutional rights are violated, EFF is continuing to fight. We are still supporting net neutrality. We are still taking the NSA to court over unconstitutional surveillance. And we are still working to protect and expand your rights in the digital world, wherever the fight may take us.

Posted in Uncategorized Tagged

EFF Asks California Court to Reverse Ruling That Could Weaken Open Records Rules, Impede Public Access to Government Records (Electronic Frontier Foundation)

State agencies in California are collecting and using more data now than they ever, and much of this data includes very personal information about California residents. This presents a challenge for agencies and the courts—how to make government-held data that’s indisputably of interest available to the public under the state’s public records laws while still protecting the privacy of Californians.

EFF filed an amicus brief today urging a state appeals court to reverse a San Francisco trial judge’s ruling that would impede and possibly preclude the public’s ability to access state-held data that includes private information on individuals—even if that data is anonymized or redacted to protect privacy.

The California Public Records Act (CPRA) has a strong presumption in favor of disclosure of state records. And the California state constitution recognizes that public access to government information is paramount in enabling people to oversee the government and ensure it’s acting in their best interest. But the state constitution also recognizes a strong privacy right, so public access to information must be carefully balanced with personal privacy.

To keep records secret, agencies must show that concealment, not transparency, best serves the public interest. This balancing test was at issue in a lawsuit brought by UCLA law professor Richard Sanders and the First Amendment Coalition (FAC), who are seeking access to information from the California Bar Association about the race, ethnicity, test scores, and other information of tens of thousands of people who took the state bar exam to become lawyers. The state bar refused to release the data to protect the confidentiality of test-takers, even though no names or personal identifying information would be disclosed. The case is Sander v. State Bar of California.

A trial court sided with the bar. The case eventually went all the way to the California Supreme Court, which correctly recognized the strong public interest in disclosing the data so the effect of law school admissions policies on exam performance could be studied. It’s “beyond dispute” that the public has the right to access the information, the court said in a unanimous decision, as long as the identity of individual test takers remained confidential. It sent the case back to the trial court to decide if and how much material could be released.

This is where things took a wrong turn. Sanders and FAC presented several possible protocols to protect bar exam takers’ privacy, including three complicated anonymization techniques, but the trial court ruled that, even under these protocols, the data couldn’t be released. The court improperly placed the burden on Sanders and FAC to show that there was absolutely no way anyone’s identity could be revealed—including if the anonymized data were combined with other obscure but publicly-available personal information. In doing so, the court failed to adhere to the CPRA’s balancing tests, which require the state bar to show that the public interest in protecting the privacy of bar takers—even after their data is stripped of identifying information—clearly outweighs the public interest in the data.

In a particularly dangerous finding, the court held the CPRA couldn’t require the state bar to apply anonymization protocols because that would constitute creating a “new record” from the existing data. However, the CPRA clearly requires agencies to produce as much public information as possible, even if that means using a “surgical scalpel” to separate information that’s exempt from disclosure under the CPRA from non-exempt information. Techniques for protecting exempt information while still releasing otherwise non-exempt government records that are of great interest to the public must evolve as the government’s means of collecting, compiling, and maintaining such records has evolved. Protocols that propose to anonymize data, such as those presented by Sander and FAC, represent one such technique. California courts should not avoid grappling with whether anonymization can protect privacy by dismissing it out of hand as the creation of a “new record.” 

The California’s Public Records Act is a vital check on government secrecy. With the explosive growth of government data, particularly law enforcement surveillance data, we can’t stand by while courts sidestep the task of evaluating anonymization protocols that will increasingly play a role in balancing public access rights under the CPRA and laws like it in other states. If upheld, the Sanders ruling could weaken the public’s ability to access other electronic records and government data that contains private identifying information. EFF has fought in court to gain access to license plate records indiscriminately collected on millions of drivers by Los Angeles law enforcement agencies. The California Supreme Court ruled that police can’t keep those records secret, paving the way for EFF to analyze how this huge surveillance program works. But the records could identify drivers, so the next step is to figure out how the data can be made public in a redacted or anonymized form to protect drivers’ privacy. We are watching the Sanders case closely, and hope the appeals court does the right thing: reverse the trial court’s findings, require it to fully address the proposed anonymization protocols, and properly apply the balancing tests under the CPRA.

Posted in Uncategorized Tagged

California’s Senate Misfires on Network Neutrality, Ignores Viable Options (Electronic Frontier Foundation)

Yesterday, the California Senate approved legislation that would require Internet service providers (ISPs) in California to follow the now-repealed 2015 Open Internet Order. While well-intentioned, the legislators sadly chose an approach that is vulnerable to legal attack.

The 2015 Open Internet Order from the Federal Communications Commission provided important privacy and net neutrality protections, such as banning blocking, throttling, and paid prioritization. It is important for states to fill the void left behind by the FCC’s abandonment of those protections.

States are constrained, however, because federal policy can override, or “pre-empt,” state regulation in many circumstances. State law that doesn’t take this into account can be invalidated by the federal law. It’s a waste to pass a bill that is vulnerable to legal challenge by ISPs when strong alternatives are available.

In a letter to the California Senate, EFF provided legal analysis explaining how the state can promote network neutrality in a legally sustainable way. Unfortunately, SB 460, the legislation approved by the California Senate, is lacking many of the things EFF’s letter addressed.

Better Approaches Left Behind by SB 460

Today, California spends $100s of millions on ISPs, including AT&T, as part of its California broadband subsidy program. The state could require that recipients of that funding provide a free and open Internet, to ensure that taxpayer funds are used to benefit California residents rather than subsidizing a discriminatory network. This is one of the strongest means the state has to promote network neutrality, and it is missing from SB 460.

California also has oversight and power over more than 4 million utility poles that ISPs benefit from accessing to deploy their networks. In fact, California is expressly empowered by federal law to regulate access to the poles and the state legislature can establish network neutrality conditions in exchange for access to the poles. Again, that is not in the current bill passed by the Senate.

Lastly, each city negotiates a franchise with the local cable company and often the company agrees to a set of conditions in exchange for access to valuable, taxpayer-funded rights of way. California’s legislature can directly empower local communities to negotiate with ISPs to require network neutrality in exchange for the benefit of accessing tax-payer funded infrastructure. This is also not included in the current bill.

States Should Put Their Full Weight in Support of Network Neutrality

Any state moving legislation to promote network neutrality should invoke all valid authority to do so. At the very least, California should view the additional legal approaches we have recommended as backups, to be relied upon if the current proposal is held invalid by a court.

If SB 460’s approach to directly regulating ISPs is found to be invalid, ultimately all the legislation does is require state agencies to contract with ISPs that follow the 2015 Open Internet Order. While an important provision, it can already be required with a stroke of the pen tomorrow under a Governor’s Executive Order much in the same way as Montana and New York. And while the 2015 Open Internet Order was a good start, why not bring to bear all the resources a state has to secure such an important principle for Californians?

EFF hopes that subsequent network neutrality legislation such as Senator Wiener’s SB 822 can cover what is missing in SB 460 or that future amendments in the legislative process can bring the full weight of the state of California to bear in favor of network neutrality. Both options remain available and it is our hope that California’s legislators understand that the millions of Americans who are fighting hard to keep the Internet free and open expect elected officials that side with us to deploy their power wisely and effectively.

The importance of keeping the Internet free and open necessitates nothing less.

Posted in Uncategorized Tagged

Stupid Patent of the Month: Bigger Screen Patent Highlights a Bigger Problem (Electronic Frontier Foundation)

For more than three years now, we’ve been highlighting weak patents in our Stupid Patent of the Month series. Often we highlight stupid patents that have recently been asserted, or ones that show how the U.S. patent system is broken. This month, we’re using a pretty silly patent in the U.S. to highlight that stupid U.S. patents may soon—depending on the outcome of a current Supreme Court case—effectively become stupid patents for the entire world.

Lenovo was granted U.S. Patent No. 9,875,007 [PDF] this week. The patent, entitled “Devices and Methods to Receive Input at a First Device and Present Output in Response on a Second Device Different from the First Device,” relates to presenting materials on different screens.

The first claim of the patent is relatively easy to read and understandable, for a patent. What Lenovo claims is:

A first device, comprising:

at least one processor;

storage accessible to the at least one processor and bearing instructions executable by the at least one processor to:

receive user input to present an output on a display; and

determine a second device different from the first device on which to present the output based at least in part on identification by the first device of the second device as having a relatively larger display on which to present the output than the first device.

This claim describes a distinction a child may make, in asking a parent to put something up on the “big screen.” It covers a generic computing device, programmed to make a comparison between the size of display screens, and choose one of the screens based on that comparison, something that any person would know how to do, and any programmer would know how to implement. A review of what happened [PDF] at the Patent Office shows the fine (and trivial) distinctions Lenovo made over what was known in order to claim there was an invention. Lenovo argued that although previous technologies allowed for displaying material on second devices with larger screens, those technologies didn’t do it by identifying second devices by determining the size of the screens. Even if what Lenovo claims is true (though we have doubts that they were the first to do this), we’re not sure why as a public policy matter Lenovo should be entitled to a monopoly on this “invention.” It seems more the product of basic skill and design rather than anything inventive. Generally, people are not supposed to get patents on things that are obvious.

It’s quite possible that Lenovo will never assert this patent against anyone, and it will become like many patents, just a piece of paper on a wall. But what if Lenovo decided to assert this patent?

We’re highlighting this patent in order to bring attention to the fact that a U.S. Supreme Court case being decided this term could make this patent not just a stupid U.S. patent, but effectively a stupid worldwide patent.

Generally, countries’ patent laws only have domestic effect. If you want to have patent protection in the U.S., you need to file for a U.S. patent and show your application complies with U.S. patent law. If you want protection in India, you also need to file in India and show it complies with Indian patent law. There are differences between the patent laws of various countries; some provide more protection, some provide less. That patent laws differ in different countries is generally considered a feature, not a bug.

There’s an important exception in the U.S., however, to this general idea that patent rights are limited to a particular country. Under the Patent Act, specifically 35 U.S.C. § 271(f), if combining certain parts would constitute patent infringement in the U.S., then someone who knowingly supplies those same parts with the intention that they be combined abroad is also liable for infringement. Basically, you can’t make parts A and B in the U.S., ship them abroad and tell people to combine them into AB, if you know that you’d infringe a patent in the U.S. if you just combined them into AB in the U.S. and then shipped them abroad. The point of this narrow rule is to prevent people from offshoring the final step of a process, where they’re purposefully doing so in order to evade U.S. patent rights.

There is a new case currently pending at the U.S. Supreme Court called WesternGeco v. Ion Geophysical that relates to this fairly narrow law, § 271(f). The question the Supreme Court has been asked is: if someone is liable for patent infringement under § 271(f), can the patent owner recover lost profits relating to the combinations that were made abroad? If confined to § 271(f), the result (whichever way the court could rule) would be a fairly narrow decision. Most cases asserting patent infringement are not brought under that basis, and the circumstances that would cause infringement under that section don’t arise very often.  

But at an earlier stage of the case, the Solicitor General, whose opinion is often given great weight by the Supreme Court, advanced [PDF] a startling idea: patent owners should be able to collect damages for any act that was a foreseeable result of the U.S. based infringement in every case of patent infringement, not just those brought under § 271(f), even if the act occurred completely abroad.

This would result in a dramatic expansion of the scope of U.S. patent remedies, making them, effectively, act the same as worldwide patent rights for any product that has a global market.

An example is useful here. Suppose a display systems designer BobCo designed a system that it sold to Lenovo’s competitor CompCo in China to include in CompCo’s goods built in China. CompCo sells its goods globally, and some of the goods end up in the U.S., infringing on Lenovo’s patent in the United States. Under the Solicitor General’s view, Lenovo should be able to sue BobCo for violating the U.S. patent, and recover all the profits that BobCo made from CompCo for all the goods sold worldwide—regardless of whether they ever ended up in the U.S. Lenovo could get this reward despite the fact that all of BobCo’s acts (other than importing a few of the products) occurred abroad. Even though technically only the products that entered the U.S. infringed the U.S. patent, Lenovo’s remedy for violation of those rights would include recovery for all products worldwide.

This example is essentially the facts of a case called Power Integrations, where the U.S. Court of Appeals for the Federal Circuit (correctly, in our view), rejected such a broad scope of remedies, stating that U.S. patent laws “do not [] provide compensation for a defendant’s foreign exploitation of a patented invention, which is not an infringement at all.” The Solicitor General is now challenging this rule.

It’s not hard to see how the Solicitor General’s rule could interfere with rights held by others abroad—including the rights of the public—and would mean that U.S. patent rights would be effectively exported to other countries. Innovations that are in the public domain in China or Germany, for example, could all of a sudden become more expensive because a U.S. patent rights holder gets to impose a cost on goods in those countries because some end up in the U.S. For example, even though Lenovo has applied for a patent in China that is related to the U.S. patent, no patent has (yet) issued. Lenovo’s attempt to get a patent in Germany has also not yet been successful. But under the Solicitor General’s theory, if sales in Germany or China were a foreseeable result of infringing sales in the U.S., Lenovo could impose costs in those countries regardless of whether they actually were entitled to a patent in that jurisdiction. We’re also concerned that such a rule would lead to a race to the bottom: if U.S. courts impose a worldwide patent tax to benefit U.S. patent holders, other countries may try to do the same as well. This could lead to companies being subject to multiple claims of infringement with multiple payments of worldwide damages, again increasing costs to consumers.

We’ve now spent years highlighting some pretty silly U.S. patents. We hope the Supreme Court rejects the Solicitor General’s desire to expand the scope of U.S. patent remedies, and refuses to turn stupid U.S. patents into, effectively, stupid worldwide patents.

Posted in Uncategorized Tagged