Jon Lawrence – Electronic Frontiers Australia Promoting and protecting digital rights in Australia since 1994. Sun, 18 Feb 2018 01:47:39 +0000 en-AU hourly 1 FBI says device encryption is 'evil' and a threat to public safety Sun, 14 Jan 2018 04:13:07 +0000 Continue reading ]]> The FBI continues its anti-encryption push. It's now expanded past Director Christopher Wray to include statements by other FBI personnel. Not that Chris Wray isn't taking every opportunity he can to portray personal security as a threat to the security of the American public. He still is. But he's no longer the only FBI employee willing to speak up on the issue.

This post is by Tim Cushing and was originally published on See the original article.

Wray expanded his anti-encryption rhetoric last week at a cybersecurity conference in New York. In short, encryption is inherently dangerous. And the FBI boss will apparently continue to complain about encryption without offering any solutions.

The Federal Bureau of Investigation was unable to access data from nearly 7,800 devices in the fiscal year that ended Sept. 30 with technical tools despite possessing proper legal authority to pry them open, a growing figure that impacts every area of the agency's work, Wray said during a speech at a cyber security conference in New York.

The FBI has been unable to access data in more than half of the devices that it tried to unlock due to encryption, Wray added.

"This is an urgent public safety issue," Wray added, while saying that a solution is "not so clear cut."

The solution is clear cut, even if it's not workable. What Wray wants is breakable encryption. And he wants companies to do the work and shoulder the blame. Wray wants to be able to show up at Apple's door with a warrant and walk away with the contents of someone's phone. How that's accomplished isn't really his problem. And he's not intellectually honest enough to own the collateral damage backdoored encryption would cause. But that's how Wray operates. He disparages companies, claiming encryption is all about profit and the government is all about caring deeply for public safety. Both statements are dishonest.

But Wray isn't the only FBI employee taking the move to default encryption personally. And the others commenting are taking the rhetoric even further, moving towards personal attacks.

On Wednesday, at the the International Conference on Cyber Security in Manhattan, FBI forensic expert Stephen Flatley lashed out at Apple, calling the company “jerks,” and “evil geniuses” for making his and his colleagues' investigative work harder. For example, Flatley complained that Apple recently made password guesses slower, changing the hash iterations from 10,000 to 10,000,000.

That means, he explained, that “password attempts speed went from 45 passwords a second to one every 18 seconds,” referring to the difficulty of cracking a password using a “brute force” method in which every possible permutation is tried.


“At what point is it just trying to one up things and at what point is it to thwart law enforcement?" he added. "Apple is pretty good at evil genius stuff."

This is great. Apple is now an "evil genius" because it made stolen iPhones pretty much useless to thieves. Sure, the device can be sold but no one's going to be able to drain a bank account or harvest a wealth of personal information. This was arguably in response to law enforcement (like the FBI!) complaining cellphone makers like Apple were assholes because they did so little to protect users from device theft. And why should they, these greedy bastards? Someone's phone gets stolen and the phone manufacturer now has a repeat customer.

Encryption gets better and better, limiting the usefulness of stolen devices and now Apple is an "evil genius" engaged in little more than playing keepaway with device contents. Go figure.

The FBI's phone hacker did have some praise for at least one tech company: Cellebrite. The Israeli hackers were rumored to have helped the FBI get into San Bernardino shooter Syed Farook's phone after a failed courtroom showdown with Apple. The FBI ended up with nothing -- no evidence on the phone and no court precedent forcing companies to hack away at their own devices anytime the government cites the 1789 All Writs Act.

Now we're supposed to believe device makers are the villains and the nation's top law enforcement agency is filled with unsung heroes just trying to protect the public from greedy phone profiteers. I don't think anyone believes that narrative, possibly not even those trying to push it.

]]> 0
Australian tech start-ups stand to lose out in proposed copyright reforms Tue, 12 Dec 2017 10:29:42 +0000 Continue reading ]]> The Australian government quietly introduced the Copyright Amendment (Service Providers) Bill 2017 to the Senate on Wednesday. If enacted, the bill will extend the scope of Australia’s copyright safe harbours - very slightly.

Safe harbours protect internet hosts and platform providers from monetary liability for copyright-infringing content posted or shared by their users. For example, if you post the latest Thor movie to YouTube, YouTube won’t be responsible for copyright infringement if it takes down that video. In Australia, we only extend this protection to internet services providers, not general purpose websites.

This matters because technology firms rely on limits to liability to manage their risks. Companies like Facebook or YouTube, which host millions of pieces of user content, would face serious difficulty starting in Australia because our laws on copyright infringement are so strict.

This article is by Kylie Pappalardo, from Queensland University of Technology and was originally published on The Conversation. It is republished here under a Creative Commons Attribution-Non-Derivative Licence (CC-BY-ND). See the original article.

The new legislation is a step in the right direction, but it doesn’t go far enough to create an environment that fosters Australian innovation.

Excluding platforms from safe harbours doesn’t make much difference to tech giants like YouTube and Facebook, since they already operate within the United States safe harbours. But it does discourage Australian tech start-ups from the chance to experiment in a reduced-risk environment.

It is not just the US with broader copyright safe harbours than Australia - jurisdictions around the world extend safe harbours to internet intermediaries beyond ISPs.

The European Union, for example, provides that member states must ensure that any hosting provider will not be liable for unlawful content posted by users, provided it acts quickly to remove the content upon notice.

Low hanging fruit

It’s the second time this year that the government has amended Australia’s copyright laws. The first was the Copyright Amendment (Disability Access and Other Measures) Act 2017, passed in June, which provides greater access to copyrighted content for people with disabilities such as vision impairment.

Both measures are low hanging fruit for the government. They improve our existing copyright law, but they don’t advance us far from the status quo.

The government is staying well clear of the more contentious, though far more impactful, potential reforms to the Copyright Act recommended by bodies such as the Australian Law Reform Commission and the Productivity Commission.

What are the copyright safe harbours?

The copyright safe harbours came about as a result of the US Digital Millennium Copyright Act (DMCA) in 1998. The DMCA represented an important bargain struck between the established content industry, such as big film and TV studios, and the burgeoning tech industry.

The content industry got a “notice-and-takedown” regime that required online service providers to remove material that infringes copyright. In exchange, the tech industry got copyright safe harbours.

Under this system, the service provider must quickly and efficiently remove infringing content if they are informed about it by the copyright owner. This notice-and-takedown scheme has become fundamentally important to the way the internet works today.

Why are Australian safe harbours so limited?

In the 2005 Australia-US Free Trade Agreement, Australia agreed to adopt these provisions into Australian domestic law.

But in enacting the copyright safe harbours, parliament made a drafting error. Instead of extending protection to “service providers”, as the US law does, we gave protection to “carriage service providers” as defined in the Telecommunications Act.

Essentially, Australia only gave protection to internet service providers like Telstra, Optus and TPG, and not to platform providers like Whirlpool, RedBubble, YouTube or Facebook. For more than a decade, this has been a critical difference between US and Australian copyright law.

What’s changing?

The new bill appears to close the glaring gap between US and Australian law by replacing the term “carriage service provider” with, simply, “service provider”.

But the bill defines “service provider” to be either a carriage service provider; an organisation assisting persons with a disability; or a body administering a library, archives, cultural institution or educational institution.

It does not extend the safe harbour to those who actually need it the most – Australia’s internet hosts and platform providers.

This is a seriously missed opportunity for Australian innovators. There is a real risk for businesses, both large and small, who want to provide online spaces for people to communicate.

Our copyright laws potentially make hosts liable for much of the copyright infringing content that users may upload or share. But it can be prohibitively expensive and time-consuming to pre-screen all content before it is uploaded.

This is one of the reasons why many large social media platforms don’t base their operations in countries like Australia, and why Australian businesses are at a major competitive disadvantage compared to those in other countries.

Why not extend the safe harbour to Australian innovators?

There were early indications that the Australian government intended to extend the safe harbours to all online service providers, but these amendments were shelved.

Entertainment industry groups have been lobbying hard in recent years for measures that go beyond the notice-and-takedown scheme that the safe harbours provide. They want what they call notice-and-staydown: proactive filtering of unlicensed copyright content by service providers.

At the same time, copyright owners want higher payments. They use the term “value gap” to describe what they see as the difference between sites like Spotify that pay hefty licence fees to make content available to users and sites like YouTube that do not.

Content owners are no longer happy with the bargain they struck in the DMCA – they allege that sites like YouTube are gaming the system of the safe harbours.

There is a false equivalency at work here. Spotify is not a site for user-generated content and does not purport to be; sites like YouTube have everyday users at their core. If we believe that creative discourse, engagement and play matters then there is a cogent reason why sites that facilitate user-generated content might need some legal latitude.

However, this debate misses a more fundamental point. Limited safe harbour provisions hurt Australian creators and innovators. They increase the risk to innovators developing new technology products and platforms.

And, importantly, Australian creators miss the opportunity to exercise greater control over their creations through notice-and-takedown mechanisms that are easy to use and far cheaper than copyright lawsuits.


]]> 0
What consumers need from the ACCC inquiry into Google and Facebook Tue, 05 Dec 2017 10:03:34 +0000 Continue reading ]]>

Image: Ibrahim.ID, Wikimedia (CC-BY-SA)

Yesterday the Australian Competition and Consumer Commission (ACCC) launched an inquiry into digital platforms including Google and Facebook.

Chairman of the ACCC Rod Sims said:

The ACCC will look closely at longer-term trends and the effect of technological change on competition in media and advertising. We will also consider the impact of information asymmetry between digital platform providers and advertisers and consumers

The inquiry is overdue. To be useful, it should recognise that consumer protection law can play a larger role than it does currently in addressing platform power in the digital economy. Those leading it need to ensure its outcomes are truly beneficial for consumers, and not just the media companies and businesses using online advertising.

This article is by Amanda Scardamaglia, from Swinburne University of Technology and Angela Daly, from Queensland University of Technology and was originally published on The Conversation. It is republished here under a Creative Commons Attribution-No Derivative (CC-BY-ND) licence. See the original article.

How Google presents information

To date, limited attention has been given to the issues faced by Australian consumers in internet markets, and particularly internet search.

Our research focuses on what consumers see and experience when they use Google.

A search for ‘coffee adelaide’ produced the following results - but which are ads, and which are organic content?

In the early days, Google’s search results page was essentially a combination of organic search results (those that result from Google’s algorithm that ranks according to relevance) and ads (a pay-per-click model of advertising). This provided for a relatively clean page with each of the two main elements delineated by labels and shading.

As Google has grown and its services evolved, Google’s search results page has become increasingly complex, with several competing elements. Many of these search results elements are derived from Google’s subsidiary “vertical search” services which provide users with a specific category of online content, such as Google Maps, Google News and Google Shopping.

Our research shows this creates confusion. We found that:

  • Australian consumers have a limited understanding about the operation and origin of different parts of the search results page
  • consumers were best able to understand and identify paid advertisements, as compared to results that were organic or linked to subsidiary services
  • there was particular confusion about the operation and origin of Google’s Shopping service, but also the origin of organic search results
  • confusion seems to be more pronounced among older users and those without higher education qualifications.

These findings point to a gap in consumers’ digital literacy about Google search that should be addressed by this ACCC inquiry.

Past ACCC focus on Google

In 2011, the ACCC brought proceedings against Google for breaches of the then Trade Practices Act 1974 (Commonwealth).

The ACCC alleged that by publishing or displaying several misleading sponsored links, Google was liable for misleading and deceptive conduct, as the maker of those advertisements (the claim against the advertiser was settled). The ACCC also claimed Google had engaged in misleading and deceptive conduct by failing to distinguish sufficiently between its organic search results and sponsored links.

The case went all the way to the High Court, who dismissed the case against Google. They found the evidence against Google never rose so high as to prove that Google personnel, as distinct from the advertisers, had chosen the relevant keywords, or otherwise created, endorsed, or adopted the sponsored links. As such, Google was not liable as the maker of misleading and deceptive advertising content.

Justice Nicholas in the Federal Court at trial also found against the ACCC’s allegation that Google had failed to distinguish its organic search results and sponsored links. He said reasonable members of the public would have understood sponsored links were advertisements that were different from Google’s organic search results.

As shown above, our research suggests otherwise. Despite its win against the ACCC in the High Court in 2013, Google should consider taking simple steps to label the different parts of its search results page more clearly, or risk legal action once more.

A guide for the future

In our recent submission to the Australian Consumer Law Review Issues Paper, we advocated for an evidence-based approach to all regulatory action under Australian consumer law.

We have also argued that agencies such as the ACCC should consider introducing “best-practice” guidelines for online search providers and comparison shopping services in relation to the use of labelling and disclaimers to clearly identify source and affiliation, in order to minimise consumer confusion.

In the United States, the Federal Trade Commission issued similar guidelines about how these services should operate, and stated that failure to adequately distinguish between these different kinds of results may constitute a deceptive practice in violation of consumer protection laws. These guidelines provide a good starting point for regulatory agencies in Australia.

We also think further research is warranted that focuses on how different factors influence display of search results. We know this can vary depending on region, user preferences and settings, browsing history and devices used (PC, laptop, tablet or mobile phone).

We believe there is the potential for a more active role for consumer law in the digital ecosystem to address problems emanating from large and powerful platform providers such as Google than it previously has occupied. Perhaps this inquiry is the first step towards that.

However, it will be important for the ACCC to separate out the interests of consumers from the interests of businesses using Google to advertise, and media companies. Sometimes these interests converge, but not always. This can be seen in the recent European Commission investigation into Google’s alleged abuse of a dominant position in the search and advertising markets. These proceedings have resulted in an outcome which may benefit Google’s competitors more than consumers.

The ACCC should be wary about producing the same outcome in its own inquiry, which is expected to produce a preliminary report in December 2018, and a final report in June 2019.


]]> 0
Protecting Sources and Whistleblowers in the Digital Age Mon, 27 Nov 2017 05:05:22 +0000 Continue reading ]]>

Image: Matthew Da Silva

I recently had the pleasure of participating in the Walkley Foundation panel discussion on "Protecting Sources and Whistleblowers in the Digital Age". My co-panelists were Paul Farrell (Buzzfeed, ex-Guardian), Elise Worthington (ABC), with Julie Posetti (ex-Fairfax/ABC) as compere. As well as providing a forum for the panel discussion, the event served as the official release of Julie’s UNESCO study “Protecting Journalism Sources in the Digital Age”.

As the only non-journalist on the panel, I offered a technical perspective on the challenges that journalists face. Over the past few years, I have provided practical technical solutions for several journalists and Australian news organisations to protect their sources and themselves.

This article is by Peter Tonoli and was originally published on Peter's blog. It is republished here under a Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) licence. See the original article. Peter is an EFA Board member and tweets @peter_tonoli.

Julie Posetti opened the event with a brief summary of her UNESCO study and invited panelists to share their initial thoughts on her report. For me, the report underscored the bleak situation journalists face in attempting to protect themselves and their sources. Mass surveillance of Australian journalists and citizens is multifaceted. Among the most prominent forms of Australian mass surveillance are:

  • Governmental – mandatory data retention: where all telecommunications metadata is being stored for two years;
  • Governmental – the “5 Eyes” intelligence alliance, between the US, UK, Canada, Australia and New Zealand, where governments outsource surveillance of their citizens through alliance members, and share that surveillance with their counterparts;
  • Corporate – such as Facebook, Google and Twitter, organisations who have a voracious appetite Hoovering up even the smallest details about their users.

Governmental surveillance is increasing each year; the tightening of national security and anti-terrorism legislation is continually used as justification to erode citizens’ rights. Prima facie, governmental surveillance breaches Article 17 of the International Covenant on Civil and Political Rights, guaranteeing privacy. Article 17 specifies, “individuals have the right to share information and ideas with one another without interference by the State, secure in the knowledge that their communication will reach and be read by the intended recipients alone.”

Corporate entities make whistleblowing difficult by disincentivising anonymity. Facebook has a ‘real name’ policy, where ‘pretending to be anything or anyone’ is not allowed. Twitter only gives accounts a ‘verified’ status if they have provided a verified email address, phone number, and birth date. Furthermore, these corporate policies foster suspicion and prompt members of society to shun, or question those who use anonymity. Together with the overt effects, corporates often insinuate those who use anonymising networks, such as Tor, are up to no good, simply because they choose not to reveal their true identity.

Society has stigmatised protection of privacy, such that, those who are pseudonymous, and use privacy protection tools—such as Tor— are labelled pejoratively as ‘paranoid’, at the very least. The collarary is, those who are labelled as paranoid, can only be so labelled if they are not being actively surveiled. With government metadata retention, and wholesale capture of data by the 5EYES agreement, all citizens and journalists are rightly justified in protecting their identity and using anonymity systems.

In Australia journalists are theoretically protected by ‘shield laws’, which protect them from government interference that forces them to reveal confidential sources. Ideally, shield laws also protect whistleblowers by proxy, however shield laws have lost their efficacy in today’s environment of mass surveillance. Mass surveillance facilitates accessing suspected whistleblowers metadata and examining it for interactions with the publishing journalist, allowing whistleblowers to be outed. Current mass surveillance practices do not simply create an exception where communications to or from a journalist are expunged. For example, the Australian Federal Police accessed Paul Farrell’s metadata, without a warrant, to seek his sources.

The current narrow legal definitions of the term ‘journalist’ further diminish the effectiveness of shield laws. In the past ten years, the journalism industry has been disrupted, with a massive increase in the number of journalists who freelance, not to mention the fine line that has appeared between professional journalists and bloggers/tweeters like Behrouz Boochani.

Julie Posetti asked how I would respond to a potential whistleblower wanting to maximise their chances of remaining protected from exposure. While each scenario is different, ranging from a worker blowing the whistle on poor governance within council, to explosive releases such as those released by Edward Snowden, there are a few tips:

  • Whistleblow to a journalist that has a proven history of protecting sources, such as Paul Farrell, or the ABC Four Corners team. At the very least, contact journalists who provide secure channels for initial contact—I notice ever increasingly journalists on Twitter have added Signal or Wikr contact details in their Twitter bios.
  • Minimise your digital footprint. Try to use analogue methods of communication, such as dead drops, transmission of material through the post, or meeting in person (without electronic devices/phones being present).

Citizens and journalists need to provide ‘herd immunity’, by using anonymising and privacy enhancing technologies all or most of the time, not just when requiring privacy. Increasing use of these technologies also results in:

  • Normalising these technologies, resulting a reduction, and hopefully a removal in the stigma that only ne’er-do-wells use these technologies.
  • Ensuring that journalists and citizens can use these technologies with a high degree of confidence—with that high degree of confidence, improved productivity will result.
  • Increasing expertise throughout the journalistic profession. This expertise will facilitate journalists teaching their peers, filling an ever-increasing hole in training capabilities in media organisations due to ever diminishing income for media organisations.

Other aspects of using technology to protect sources that were mentioned by the panel were:

  • Tails - The Amnesic Incognito Live System. Tails is an operating system designed from the ground up for anonymity and privacy. Tails can be used in most PC’s, and can run from a USB stick. The significance of using a USB stick means that Tails users don’t have to reformat their computer to use Tails. Tails has the Tor anonymising browser, encryption utilities, as well as utilities for cleaning and working on sensitive documents.
  • Journalists using a dedicated phone for Signal, without a SIM card, that sits in the journalists’ office, ready for contact by whistleblowers.

On a final note, during the panel discussion, Paul mentioned that the privacy of Australian journalists is less compromised than in other jurisdictions. To some extent I agree with Paul, however, journalists and citizens must remain vigilant to ensure the situation in Australia does not descend to the poor standards faced in other jurisdictions.


]]> 0
Will Facebook’s new image abuse tool really work? Tue, 21 Nov 2017 01:54:24 +0000 Continue reading ]]> A couple of weeks back (with the help of Electronic Frontiers Australia & conference organisers), I attended the inaugural Safety on the Edge Conference hosted by the Office of the eSafety Commissioner. The eSafety Office falls under the Communications and Arts portfolio as it deals with regulation of internet content - an historically contentious topic for civil liberties groups.

The original scope of the eSafety Office was a focus on the welfare of children online, however after noting the prevalence of online abuse issues faced by adults, the agency was recently given funding to widen its scope.

This article is by and is the copyright of Rosie Williams, a citizen journalist who works on a range of issues, including data ethics and online safety. It was originally published on her The Little Bird blog and is republished here with permission. She the original article. Rosie is also very active on Twitter @Info_Aus.

Research used by the eSafety Office found image-based abuse has become a major issue facing internet users:

The research shows victims’ intimate images were most commonly shared without consent on popular social media sites. Facebook/Messenger accounted for 53%, followed by Snapchat at 11% and then Instagram at 4%. Text messaging and MMS were other common channels for distribution.

Earlier in the year, the office launched their online portal for reporting image-based abuse but used the more recent conference to announce the rollout of an additional tool aimed at pre-empting abuse.

The additional functionality is the result of a pilot partnership between Facebook and the eSafety office with Australia the first jurisdiction to trial the technology which offers assistance to people worried someone may be about to share their intimate images against their wishes.

In order to trigger the functionality, potential victims must first make a report through the eSafety Office portal. The potential victim must then send images they are worried will be shared to themselves via FB messenger and Facebook will create a special code (called a hash) unique to each image that will be used to detect attempts to send it on Facebook and prevent unauthorised sharing.

The tool received a round of applause from the sold-out conference room but has received a very mixed response from the media (and among my network of technical experts). The issues raised by concerned community members are elaborated well in this article in The Conversation.

The most obvious concerns question the invitation to share nude photos as a measure aimed at securing one’s privacy. TechCrunch suggests it would make more sense to provide a way for users to hash the image themselves rather than have them upload it and have Facebook do it on their behalf.

The main technical questions revolve around the limitations of the hashing function given that changing an image also changes the hash. The worry is that all an abuser would have to do is make relatively minor changes to the image/s and be free to go on sharing as they please.

Of the two forms of hashing available, it seems based on comments by Alex Stamos that the more robust photoDNA is being used which is resistant to simple changes rather than cryptographic hashing which would fail if even a single pixel was changed.

Chief Security Officer Alex Stamos used his personal Twitter account to discuss the limitations of the technology in this thread.

It may be the case that the use of photoDNA (as opposed to cryptographic hashing) is the reason why the hashing needs to be done at Facebook’s end and not by the potential victim. Alex Stramos (and the Wikipedia explanation) make clear there is some flexibility in the tool to cope with small changes but it would be good to hear more detail on exactly what kinds of image alterations the tool can deal with and which it can not.

Most of the articles on the tool to date have come from more mainstream channels so it would be helpful to hear more expert opinion that can provide a solid basis to inform decisions by potential victims and their advocates of the level of confidence we can have in using or recommending the tool.

I look forward to more information.

]]> 0
Despite a victory on IP, the TPP's resurgence hasn't cured its ills Sun, 12 Nov 2017 01:08:17 +0000 Continue reading ]]>

Image: Chambosan/Shutterstock

Ever since the United States withdrew from the Trans-Pacific Partnership (TPP) back in January, the remaining eleven countries have been quietly attempting to bring a version of the agreement into force. Following some initial confusion,it was announced on Friday that they have reached an "agreement in principle" on "core elements" of a deal.

Even so Canada's trade minister, Canada's trade minister, Francois-Philippe Champagne confirmed that the agreement is far from being finalised, recognising that more work was needed on some key issues. Meanwhile the TPP has been renamed as the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and the official Ministerial statement, including the schedule of suspended provisions, was released yesterday.

This article is by Jeremy Malcolm and Jyoti Panday, and was originally published on EFF's Deeplinks blog. It is republished here under a Creative Commons CC-BY licence and has been slightly edited for spelling and context. See the original article.

We now know that almost the entire Intellectual Property (IP) chapter that had been the source of some of the most controversial elements of the original agreement has been suspended. Back in August, EFF wrote to the TPP ministers explaining why it would make no sense to include copyright term extension in the agreement, because literally none of the remaining parties to the TPP would benefit from doing so. The apparent decision of the eleven TPP countries to exclude not only the copyright provisions, but nearly the entire IP chapter from the agreement, more than vindicates this. As we have explained at length elsewhere, IP simply isn't an appropriate topic to be dealt with in trade negotiations, where issues such as the length of copyright and bans on circumventing DRM are traded off with totally unrelated issues like dairy quotas and sources of yarn used in garment manufacturing.

It is important to note that the agreement's IP chapter has only been "suspended". Ever since the U.S. pulled out of the TPP, the other countries involved have been trying to salvage the deal by suspending contentious elements. Suspending issues is a common tactic in trade negotiations as it allows countries to declare victory, despite major areas of disagreement. Moroeover, suspending provisions does not stop countries from discussing them. As Michael Geist has pointed out the IP chapter may still be subject to negotiation as part of working groups.

At present there is also little clarity on how the suspension of provisions would be treated if the U.S joins back to the agreement. The eleven countries could ratify an agreement that automatically reinstates these provisions when the U.S. comes back. If the countries end up being bound by provisions that they have not agreed to because of the U.S. joining back, the suspension of the IP chapter would not count for much.

Nevertheless, the exclusion of so much of the IP chapter at this stage of the negotiations is a strong rejection of US-oriented provisions and a good sign for copyright standards being discussed at other trade venues. Canada, which has the second biggest economy among remaining TPP countries after Japan is simultaneously negotiating the North American Free Trade Agreement (NAFTA) and will need to ensure consistency across NAFTA and TPP. Other TPP nations such as Vietnam and Japan are involved in the Regional Comprehensive Economic Partnership (RCEP) negotiations.

Although the IP chapter was the worst of the TPP, it was not the only concerning part of the agreement for users. There are provisions elsewhere in the agreement that pose a threat to user rights and that we remain concerned about. For example, the telecommunications chapter establishes a hierarchy of interests where unfettered trade in telecommunications services and measures to protect the security and confidentiality of messages are prioritised over privacy of personal data of users. The investment chapter includes an investor-state dispute settlement (ISDS) process which enables multinational companies to challenge any new law or government action at the federal, state, or local level, in a country that is a signatory to the agreement. The inclusion of such provisions not only don't make sense in trade agreements but is also an affront to democracy and a threat to any law designed to protect the public interest. The electronic commerce chapter, with its weak support for privacy, its toothless provisions on net neutrality, and the poor trade-off made between access to source code of imported products, and the security of end users also remains part of the agreement and is unlikely to change much.

Any renegotiation of the agreement can only be successful if member states improve upon and fix the broken process of trade negotiations that led us to the point. The TPP negotiations have been carried out in secret, without public participation or even visibility into the draft document, although corporate lobbyists had direct access to the texts and the ability to influence the agreement. Even when member states have initiated consultations on the TPP at the national level, brief consultation periods between submissions and ministerial meetings has left stakeholders frustrated and with the sense that it is just "consultation theatre". The only way we can trust that the TPP agreement will reflect users' interests is if the reopened negotiations are inclusive, transparent, balanced and create avenues for meaningful consultation and participation from stakeholders.

The decision to exclude some of the most dangerous threats to the public's rights to free expression, access to knowledge, and privacy online is a big win for users, if indeed the TPP countries follow through with that decision as now seems likely. However, the TPP was, and remains, a bad model for Internet regulation.

EFA has also been active in opposing elements of the TPP for some years. In August we wrote to Australian Trade Minister Steve Ciobo in relation to the copyright and ecommerce chapters, and just last week, we reiterated those concerns.

]]> 0
You may be sick of worrying about online privacy, but 'surveillance apathy' is also a problem Thu, 09 Nov 2017 22:11:49 +0000 Continue reading ]]>

Do you care if your data is being used by third parties? Image:

We all seem worried about privacy. Though it’s not only privacy itself we should be concerned about: it’s also our attitudes towards privacy that are important.

When we stop caring about our digital privacy, we witness surveillance apathy.

And it’s something that may be particularly significant for marginalised communities, who feel they hold no power to navigate or negotiate fair use of digital technologies.

This article is by Siobhan Lyons, from Macquarie University and was originally published on The Conversation. It is republished here under a Creative Commons CC-BY-SA licence. See the original article.

In the wake of the NSA leaks in 2013 led by Edward Snowden, we are more aware of the machinations of online companies such as Facebook and Google. Yet research shows some of us are apathetic when it comes to online surveillance.

Privacy and surveillance

Attitudes to privacy and surveillance in Australia are complex.

According to a major 2017 privacy survey, around 70% of us are more concerned about privacy than we were five years ago.

Snapshot of Australian community attitudes to privacy 2017. Office of the Australian Information Commissioner

And yet we still increasingly embrace online activities. A 2017 report on social media conducted by search marketing firm Sensis showed that almost 80% of internet users in Australia now have a social media profile, an increase of around ten points from 2016. The data also showed that Australians are on their accounts more frequently than ever before.

Also, most Australians appear not to be concerned about recently proposed implementation of facial recognition technology. Only around one in three (32% of 1,486) respondents to a Roy Morgan study expressed worries about having their faces available on a mass database.

A recent ANU poll revealed a similar sentiment, with recent data retention laws supported by two thirds of Australians.

So while we’re aware of the issues with surveillance, we aren’t necessarily doing anything about it, or we’re prepared to make compromises when we perceive our safety is at stake.

Across the world, attitudes to surveillance vary. Around half of Americans polled in 2013 found mass surveillance acceptable. France, Britain and the Philippines appeared more tolerant of mass surveillance compared to Sweden, Spain, and Germany, according to 2015 Amnesty International data.

Apathy and marginalisation

In 2015, philosopher Slavoj Žižek proclaimed that he did not care about surveillance (admittedly though suggesting that “perhaps here I preach arrogance”).

This position cannot be assumed by all members of society. Australian academic Kate Crawford argues the impact of data mining and surveillance is more significant for marginalised communities, including people of different races, genders and socioeconomic backgrounds. American academics Shoshana Magnet and Kelley Gates agree, writing:

[…] new surveillance technologies are regularly tested on marginalised communities that are unable to resist their intrusion.

A 2015 White House report found that big data can be used to perpetuate price discrimination among people of different backgrounds. It showed how data surveillance “could be used to hide more explicit forms of discrimination”.

According to Ira Rubinstein, a senior fellow at New York University’s Information Law Institute, ignorance and cynicism are often behind surveillance apathy. Users are either ignorant of the complex infrastructure of surveillance, or they believe they are simply unable to avoid it.

As the White House report stated, consumers “have very little knowledge” about how data is used in conjunction with differential pricing.

So in contrast to the oppressive panopticon (a circular prison with a central watchtower) as envisioned by philosopher Jeremy Bentham, we have what Siva Vaidhyanathan calls the “crytopticon”. The crytopticon is “not supposed to be intrusive or obvious. Its scale, its ubiquity, even its very existence, are supposed to go unnoticed”.

But Melanie Taylor, lead artist of the computer game Orwell (which puts players in the role of surveillance) noted that many simply remain indifferent despite heightened awareness:

That’s the really scary part: that Snowden revealed all this, and maybe nobody really cared.

The Facebook trap

Surveillance apathy can be linked to people’s dependence on “the system”. As one of my media students pointed out, no matter how much awareness users have regarding their social media surveillance, invariably people will continue using these platforms. This is because they are convenient, practical, and “we are creatures of habit”.

Are you prepared to give up the red social notifications from Facebook? nevodka/shutterstock

As University of Melbourne scholar Suelette Dreyfus noted in a Four Corners report on Facebook:

Facebook has very cleverly figured out how to wrap itself around our lives. It’s the family photo album. It’s your messaging to your friends. It’s your daily diary. It’s your contact list.

This, along with the complex algorithms Facebook and Google use to collect and use data to produce “filter bubbles” or “you loops” is another issue.

Protecting privacy

While some people are attempting to delete themselves from the network, others have come up with ways to avoid being tracked online.

Search engines such as DuckDuckGo or Tor Browser allow users to browse without being tracked. Lightbeam, meanwhile, allows users to see how their information is being tracked by third party companies. And MIT devised a system to show people the metadata of their emails, called Immersion.

Surveillance apathy is more disconcerting than surveillance itself. Our very attitudes about privacy will inform the structure of surveillance itself, so caring about it is paramount.

]]> 0
It's just not cricket: setting the tone on cyber abuse Wed, 08 Nov 2017 00:17:49 +0000 Continue reading ]]> In an exciting move forward, digital rights organisation Electronic Frontiers Australia has elected it’s first ever female leadership. Lyndsey Jackson and long time EFA member Katherine Phelps take their positions as chair and vice-chair respectively as the organisation moves forward to address the challenges that affect Australians online.

Having recently joined the EFA Policy Team, my first effort has been to suggest the organisation take a more proactive position one of the issues that affect the way many people experience digital life: online abuse and digital stalking. The result is the establishment of a new working group for online abuse.

This article is by and is the copyright of Rosie Williams, a citizen journalist who works on a range of issues, including data ethics and online safety. It was originally published on her The Little Bird blog and is republished here with permission. She the original article. Rosie is also very active on Twitter @Info_Aus.

A Pew Research Centre Survey published this year found that around 4 in 10 Americans had experienced online harassment but this experience varies by age and gender and research by Australia’s eSafety Commissioner found that 1 in 5 of 16-50 year olds have experienced image based abuse. While men are more likely to be harassed online, women are most likely to experience sexual harassment with over half of young women surveyed receiving unwanted explicit photos. Political views, gender and race are the top reasons why people say they are harassed. Women are overwhelmingly the victims of image based abuse, popularly called revenge-porn and minority groups are disproportionately the victims of online hate.

Concerned with the erosion of civil behaviour online, Australians Belinda Kheir and Kathie Melocco established a grassroots movement, The Respect Campaign to help victims facing the devastating impacts of online abuse and ran the world’s first virtual summit focusing on cyber abuse as a workplace health and safety issue.

For their part, the government has put together the Online Safety on the Edge conference providing workshops to community groups and researchers alike as well as introducing laws and an education and online reporting platform to help women address the non-consensual sharing of images, stalking and other problems relating to our use of technology. But what is cyber abuse?

When Monica Lewinsky famously stated ‘Millions of people can stab you with their words‘ she was giving voice to the way in which technology is used to amplify abuse which may begin with a sole perpetrator but end up in permanent crowdsourced pile-ons of the kind that expose the very worst humanity has to offer.

Emma Jane became an expert in online abuse after being one of its earliest victims as a media professional. Dr Jane now researches online abuse at UNSW, producing work like the Online Rape Threat Generator that confronts the staid academic world with the gory realities of what her team calls ‘rape-glish’.

Online abuse or cyberbullying ranges across a spectrum from offensive online comments to impersonation, defamation and up to sextortion, doxing, SWATTing (below) or death threats. Cyber abuse is something that can affect victims in both their personal and professional lives. For those experiencing an unsafe family relationship, digital stalking, online shaming, defamation is being used make people suffer fear, anxiety and shame or even extort money from victims.

The kinds of public shaming used as a weapon by offenders also impacts people’s public and professional life. Women can be targeted by organised online trolling and automated abuse by complete strangers for their political views. Media professionals such as Ginger Gorman, Tara Moss are playing an active role in describing the abuse women face, often in their working lives and raising the issue of the responsibility of employers in protecting employees.

Recently, HSC students were outed for perpetrating online abuse against writers whose texts had been selected for use in exams, demonstrating just how prevalent is the culture of using the internet for harassment and abuse.

In a world where the public sphere is being increasingly mediated by powerful multi-nationals who are unwilling or unable to remove most of the abusive content posted to their platforms, our everyday life has become inextricably dominated by their standards and culture. As the internet and social media become part of the roles we perform as volunteers or professionals, the issue moves from a problem of the individual to a workplace health and safety issue.

Employers have a legal obligation to provide a safe workplace. According to the recent Cyber Health Summit, cyber bullying can and does result in workplace injury and is subject to WorkCover claims. Experts say taking a wait and see approach to cyber safety in the workplace is an expensive option as risk analysis shows that it is cheaper for workplaces to take pre-emptive measures to avoid and respond properly to abuse. Workplaces need a social media governance framework which provide policies for social media use including a disaster management plan. You can engage experts to help you prepare your workplace for the digital age.

A veteran with 30 years in Victoria Police and now specialising in online abuse, Susan Mclean says any comments received or generated via social media by employees that are discriminatory are a criminal offence. The inclusion of disclaimers on personal media profiles of the ‘opinions are my own’ type hold no legal weight she says. McLean also admits that while people need to report cyber abuse, that the quality of response is akin to a ‘postcode lottery’ in that awareness of cyber abuse issues among police is inconsistent.

Criminal law varies by jurisdiction in how they define and respond to technology-enabled abuse but stalking (which is now often carried out via technological means) is outlawed in all Australian jurisdictions. Image-based abuse can be actioned under various state and federal laws summarised in this article by Terry Goldsworthy.

Cyber abuse is not a niche issue. Whether you are a law enforcement officer, parent, teacher or student, employer, employee or volunteer, online abuse can become an issue for you as a potential victim or offender and probably will at some point in your life.

As individuals we need to keep abreast of new laws and for those of us with organisational affiliations, we need to begin to set the tone that online abuse is not free speech. A positive step forward would be for digital rights organisations to use their position as leaders in policy to take a clear stance that online abuse is just not cricket.

Are you interested in contributing to EFA's work on these or other policy issues? If so, please complete our Volunteer Form.

]]> 1
Australian Government must reinstate phone and internet access to asylum seekers Mon, 06 Nov 2017 07:08:55 +0000 Continue reading ]]> Digital Rights Watch Australia and Electronic Frontiers Australia today urge the Australian Government to ensure that the human rights of asylum seekers and refugees being held in offshore detention camps on Manus Island (Papua New Guinea) and Nauru are respected.

The Australian Government’s offshore processing system which has established these camps has resulted in violations of various rights protected under international human rights treaties to which Australia is a party, including the Universal Declaration of Human Rights (UDHR) and the International Convention on Civil and Political Rights (ICCPR).

Angela Daly from Digital Rights Watch Australia said, "The United Nations High Commissioner for Refugees has made it very clear that Australia has an ongoing responsibility to the individuals whom it has transferred to Manus and Nauru under this system. This includes their right to communicate by phone and Internet."

EFA Chair Lyndsey Jackson said, "The detainees on Manus and Nauru do not have adequate access to phone and Internet communications, in breach of their right to free expression. Australia needs to honour its obligations under these treaties, in particular Article 19 of the UDHR and ICCPR which guarantees the right to free expression, including the freedom to seek, receive and impart information and ideas of all kinds. In particular, Australia should reinstate asylum seekers phone and internet communications in the Manus Island camp, which have recently been removed."

]]> 0
EFA elects first female leadership team Mon, 16 Oct 2017 04:52:14 +0000 Continue reading ]]> Electronic Frontiers Australia, the country’s leading digital rights organisation, is proud to announce that its Board has elected its first female leadership team.

Lyndsey Jackson was elected unopposed as the new Chair of EFA at a Board meeting held on Sunday 15th October. Katherine Phelps was elected as the new vice-Chair.

Lachlan Simpson was also elected as Secretary and Shaun Haddrill continues in the Treasurer’s position to which he was appointed in July 2017.

Ms Jackson said, “It is an honour, and it marks a significant point in the history of EFA to be the first woman to be elected to this role. To be supported in this role by new Vice-Chair Katherine Phelps is particularly gratifying, as we are both passionate about encouraging and supporting women to take on leadership roles in civil society.

“I look forward to working with the board and the EFA membership to ensure that EFA remains a champion of digital rights in our communities, both here in Australia and throughout the world.

“I would also like to note the significant contribution over many years of our outgoing Chair David Cake, as well as our other outgoing Board members and look forward to their continuing contribution to the organisation in a variety of contexts.”


]]> 0