Wmy2k7

Since the tragedy in Boston three weeks ago, there has been much talk in the media and political circles about technology that helped capture the suspects, the role of surveillance, and the critical issue of how privacy should be handled in the digital age. Yet the public facts known so far do not call for new governmental surveillance powers or tools.  Instead, the investigation supports the conclusion that the government’s current actions did not cross the Fourth Amendment line, and complying would not harm future terrorism investigations.

First, the familiar attempt to throw privacy out the window: The Mayor of New York City Michael Bloomberg led the way last week, saying that, despite privacy concerns, “our laws and our interpretation of the Constitution, I think, have to change.” NYPD chief Ray Kelly echoed Bloomberg,  saying, "I think the privacy issue has really been taken off the table," in reference to surveillance after the bombings in Boston.

Bloomberg said terrorists “want to take away our freedoms,” yet his solution seems to be the government should take our freedoms away first. This is folly, and the very reduction of privacy and freedom is what could give victory to terrorism. 

In an excellent and poignant column immediately after the bombing, security expert Bruce Schneier wrote in The Atlantic about the reaction we all should have: “When we react from fear, when we change our laws and policies to make our country less open, the terrorists succeed, even if their attacks fail.” He continued: “there's one thing we can do to render terrorism ineffective: Refuse to be terrorized.”

To Schneier’s point, the risk of terrorism is on the decline and has been since the 1970s, according to the Global Terrorism Database. And a report by the National Counterterrorism Center (NCTC) showed the risk of Americans being killed in terrorism attacks that occur worldwide is exceedingly low. Of the 13,288 people killed by terrorist attacks in 2011, 17 were private U.S. citizens—.001 percent. In fact, you are far more likely to be struck by lightning than be killed by a terrorist.

These calls for less privacy also tend to ignore the fact that we’ve already given away a tremendous amount of our privacy since 9/11, despite the relatively low risk of terrorism in comparison to all sorts of other crime and causes of death, and have little additional safety to show for it. The PATRIOT Act, the FISA Amendments Act, the NSA’s warrantless wiretapping, National Security Letters, or others were all implemented with the promise that giving up liberty would increase our safety.  The NYPD now has a “Domain Awareness System,” which “allows officers to tap into live video camera feeds, 911 calls, mapped crime statistics, and license plate readers” all at once—with little oversight. And those are just a few of the programs we know about.

While most of these programs are still tremendously secret, the information we do have indicates that they have been abused many times. The NYPD, for instance, has been widely criticized for its post-9/11 pervasive surveillance. Read the Associated Press’ Pulitzer Prize winning series for more.

Let’s focus on just two areas that the Boston bombing brought to the forefront. 

Government Surveillance Cameras

First, do the facts support a call for increased government surveillance cameras?  No, they do not.

There’s certainly been an epidemic of media support for cameras in the aftermath of the Boston attack.  We suspect that companies selling cameras are already lining up outside the doors of state and municipal officials hoping to snare some tax dollars from panicky officials.

But as many others have pointed out, it is important to remember, despite the fact that the bombers were surrounded by dozens of cameras, the cameras did not prevent the bombing.  This is consistent with what has occurred in other such attacks, including the attacks in the subway in camera-happy London.

Cameras were quite helpful, along with other evidence, including eye-witnesses, in identifying the suspects after the fact. But importantly, the footage that identified the suspects didn’t come from government cameras – it came from private ones, volunteered from businesses and individuals, and provided more than enough to identify two people in days. 

Why? Private cameras provide an informal check on government misuse. In a case like the Boston Marathon bombing, people wanted to help the government solve the heinous crime.  It wasn’t hard for the government to collect terabytes of volunteered information.  Yet private entities might be much more reticent to volunteer their photos and videos in the case where the government was overreaching or oppressive.  If the authorities still want those private photos and videos, they can seek it through legal process, but allowing people to decide in the first instance when to share their private videos and photos with the government can serve as an important check on governmental overreach.

Finally, unless there is an emergency, private photos and videos usually remain in private hands, even if sometimes publicly available on private websites. Government surveillance footage is increasingly being organized and combined with other government information and used in ways that we often have no knowledge of, much less control over. 

One of EFF’s longstanding concerns with untargeted, automatic government collection of information about people is the secondary uses. That is, the government desires to keep, correlate and analyze data about nonsuspect, innocent Americans—whether it’s surveillance cameras in public places, license plate readers or warrantless wiretapping—just in case you fall under criminal suspicion. 

Private photos and videos can also be collected and collated, of course, but the systemic governmental systems are more worrisome, and likely create more of a chilling effect on Americans in their exercise of their rights to free speech, than disparate, private photos and videos.

Cell Phone Tracking

Second example: the police use of cellphone tracking to follow the car hijacked by the Boston suspects. The owner of the car had left his cell phone in it after the hijacking and, with the owner’s permission, the police used it to locate the car.

Once again, no additional police powers were needed.  The private citizen, the carjacking victim said he gave the police permission to locate his phone, something that is not surprising given the situation.  But even if the police were seeking to locate the suspects' cell phones, this should not have been a problem. Even assuming they did not have enough information initially, once the carjacking victim had contacted the authorities, there was probably cause for a warrant due to the theft of the vehicle and—due to the suspects' confession to the victim—the MIT murder and bombing.

EFF has long been saying that the Fourth Amendment should require the police to get a warrant when tracking cellphones, as well as pushing for legislation  that would formalize this. Requiring the government to follow the warrant rules in seeking cell phone locations wouldn’t have hurt the Boston investigation, but it would protect many, many people. 

Last year alone, local, state and federal law enforcement agencies requested cell phone data a shocking 1.3 million times. Much of that time, it was location data without a warrant. In emergency situations like Boston it’s important for police to act quickly, but in the course of normal investigations the oversight and limits provided by the warrant requirement are just as paramount.

The capture of the Boston suspect was made possible by old-fashioned police work and the willingness of the public to help in such a trying time. Technology surely assisted in this effort, but it’s important to note where it was and was not helpful, and to ensure that we don’t let the few dramatic situations lead us to downgrade our own privacy in everyday law enforcement situations.

Co-Authored with Peter Bibring, Senior Staff Attorney at the ACLU of Southern California

Law enforcement agencies are increasingly using sophisticated cameras, called “automated license plate readers” or ALPR, to scan and record the license plates of millions of cars across the country. These cameras, mounted on top of patrol cars and on city streets, can scan up to 1,800 license plate per minute, day or night, allowing one squad car to record more than 14,000 plates during the course of a single shift.

Photographing a single license plate one time on a public city street may not seem problematic, but when that data is put into a database, combined with other scans of that same plate on other city streets, and stored forever, it can become very revealing. Information about your location over time can show not only where you live and work, but your political and religious beliefs, your social and sexual habits, your visits to the doctor, and your associations with others. And, according to recent research reported in Nature, it’s possible to identify 95% of individuals with as few as four randomly selected geospatial datapoints (location + time), making location data the ultimate biometric identifier.

To better gauge the real threat to privacy posed by ALPR, EFF and the ACLU of Southern California asked LAPD and LASD for information on their systems, including their policies on retaining and sharing information and all the license plate data each department collected over the course of a single week in 2012. After both agencies refused to release most of the records we asked for, we sued. We hope to get access to this data, both to show just how much data the agencies are collecting and how revealing it can be.

ALPRs are often touted as an easy way to find stolen cars — the system checks a scanned plate against a database of stolen or wanted cars and can instantly identify a hit, allowing officers to set up a sting to recover the car and catch the thief.  But even when there’s no match in the database and no reason to think a car is stolen or involved in a crime, police keep the data. According to the LA Weekly, LAPD and LASD together already have collected more than 160 million “data points” (license plates plus time, date, and exact location) in the greater LA area—that’s more than 20 hits for each of the more than 7 million vehicles registered in L.A. County. That’s a ton of data, but it’s not all  — law enforcement officers also have access to private databases containing hundreds of millions of plates and their coordinates collected by “repo” men.

Law enforcement agencies claim that ALPR systems are no different from an officer recording license plate, time and location information by hand. They also argue the data doesn’t warrant any privacy protections because we drive our cars around in public. However, as five justices of the Supreme Court recognized last year in US v. Jones, a case involving GPS tracking, the ease of data collection and the low cost of data storage make technological surveillance solutions such as GPS or ALPR very different from techniques used in the past.

Police are open about their desire to record the movements of every car in case it might one day prove valuable.  In 2008, LAPD Police Chief Charlie Beck (then the agency’s chief of detectives) told GovTech Magazine that ALPRs have “unlimited potential” as an investigative tool.  “It’s always going to be great for the black-and-white to be driving down the street and find stolen cars rolling around . . . . But the real value comes from the long-term investigative uses of being able to track vehicles—where they’ve been and what they've been doing—and tie that to crimes that have occurred or that will occur.”  But amassing data on the movements of law-abiding residents poses a real threat to privacy, while the benefit to public safety is speculative, at best.

In light of privacy concerns, states including Maine, New Jersey, and Virginia have limited the use of ALPRs, and New Hampshire has banned them outright.  Even the International Association of Chiefs of Police has issued a report recognizing that “recording driving habits” could raise First Amendment concerns because cameras could record “vehicles parked at addiction-counseling meetings, doctors' offices, health clinics, or even staging areas for political protests.”

But even if ALPRs are permitted, there are still common-sense limits that can allow the public safety benefits of ALPRs while preventing the wholesale tracking of every resident’s movements.  Police can and should treat location information from ALPRs like other sensitive information — they should retain it no longer than necessary to determine if it might be relevant to a crime, and should get a warrant to keep it any longer.  They should limit who can access it and who they can share it with.  And they should put oversight in place to ensure these limits are followed.

Unfortunately, efforts to impose reasonable limits on ALPR tracking in California have failed so far. Last year, legislation that would have limited private and law enforcement retention of ALPR data to 60 days—a limit currently in effect for the California Highway Patrol — and restricted sharing between law enforcement and private companies failed after vigorous opposition from law enforcement. In California, law enforcement agencies remain free to set their own policies on the use and retention of ALPR data, or to have no policy at all.

Some have asked why we would seek public disclosure of the actual license plate data collected by the police—location-based data that we think is private.  But we asked specifically for a narrow slice of data — just a week’s worth — to demonstrate how invasive the technology is.  Having the data will allow us to see how frequently some plates have been scanned; where and when, specifically, the cops are scanning plates; and just how many plates can be collected in a large metropolitan area over the course of a single week. Actual data will reveal whether ALPRs are deployed primarily in particular areas of Los Angeles and whether some communities might therefore be much more heavily tracked than others. If this data is too private to give a week’s worth to the public to help inform us how the technology is being used, then isn’t it too private to let the police amass years’ worth of data without a warrant?

After the Boston Marathon bombings, many have argued that the government should take advantage of surveillance technology to collect more data rather than less. But we should not so readily give up the very freedoms that terrorists seek to destroy. We should recognize just how revealing ALPR data is and not be afraid to push our police and legislators for sensible limits to protect our basic right to privacy.

Documents

EFF and ACLU-SC's legal Complaint

LA Sheriff's Department ALPR Powerpoint Presentation

LA Sheriff's Department - Automated License Plate Reader System Information

LAPD - Automated License Plate Reader User Guide

LA Sheriff's Department - Field Operations Directive

Last week, Mozilla took an important step in the fight against the proliferation of pervasive surveillance technologies by sending a cease and desist letter to Gamma International, demanding Gamma stop using Mozilla’s trademark. Gamma makes the notorious Finspy and Finfisher malware that has ended up in the hands of authoritarian regimes.  Citizen Lab’s Morgan Marquis-Boire has spearheaded research showing that Finspy tries to trick users by using the Mozilla Firefox name to masquerade as legitimate software.

As Marquis-Boire detailed last year, once FinFisher is on a user’s computer, the attacker can see everything the user can, log every key stroke and access every file on the device. FinFisher products can even remotely turn on the user’s webcam or microphone in a cell phone without the user’s knowledge.

Mozilla wrote in a blog post, “We’ve sent Gamma a cease and desist letter today demanding that these illegal practices stop immediately.”

Trademark owners often abuse the law to stifle free speech and put competitors at a disadvantage. Gamma’s actions here, however, are exactly what trademark laws are designed to address: consumer deception, and especially the kind of deception that can cause serious harm.   Given that Firefox is a leading producer of privacy enhancing technologies, they wrote they “cannot abide a software company using our name to disguise online surveillance tools that can be – and in several cases actually have been – used by Gamma’s customers to violate citizens’ human rights and online privacy.”

Gamma and FinFisher first made headlines in 2011 after the fall of Hosni Mubarak in Egypt. Documents found in an abandoned state security building showed that Gamma provided Mubarak with a five-month trial of their sophisticated spying technology, most notably FinSpy, which can wiretap encrypted Skype phone calls and instant messages.

Last year, the New York Times reported that Bahraini democracy activists found FinFisher spyware on their mobile devices. FinFisher denied they had sold to Bahrain, saying the Trojan was a stolen demo copy.

Two of the same researchers who analyzed the Bahraini spyware, Marquis-Boire and Bill Marczak, teamed up with Claudio Guarnieri and John Scott-Railton to publish a report for Citizen Lab last week on these very same surveillance technologies. Their report focused on FinFisher’s reach around the globe, noting, “Our findings highlight the increasing dissonance between [United Kingdom-based Gamma International's] public claims that FinSpy is used exclusively to track ‘bad guys’ and the growing body of evidence suggesting that the tool has and continues to be used against opposition groups and human rights activists.”

Unfortunately, Gamma is far from the only company that sells or produces this type of surveillance malware, as the Citizen Lab report makes clear. And in the United States, the FBI has been attempting to use similar hacking techniques to gather information about suspects under criminal investigation. Two weeks ago, a judge described the capabilities of FBI’s malware in detail:

Once installed, the software has the capacity to search the computer’s hard drive, random access memory, and other storage media; to activate the computer’s built-in camera; to generate latitude and longitude coordinates for the computer’s location; and to transmit the extracted data to FBI agents within this district.

The judge denied the FBI’s request, ruling that the FBI didn’t explain how it would locate and target the suspect’s computer and how it would avoid sending the malware to anyone else.  

One thing is for certain, this problem is not going away. Luckily groups like Citizen Lab and Privacy International are out there fighting every day.

According to the New York Times, President Obama is "on the verge of backing" a proposal by the FBI to introduce legislation dramatically expanding the reach of the Communications Assistance for Law Enforcement Act, or CALEA. CALEA forces telephone companies to provide backdoors to the government so that it can spy on users after obtaining court approval, and was expanded in 2006 to reach Internet technologies like VoIP. The new proposal reportedly allows the FBI to listen in on any conversation online, regardless of the technology used, by mandating engineers build "backdoors" into communications software. We urge EFF supporters to tell the administration now to stop this proposal, provisionally called CALEA II.

The rumored proposal is a tremendous blow to security and privacy and is based on the FBI's complaint that it is "Going Dark," or unable to listen in on Internet users' communications. But the FBI has offered few concrete examples and no significant numbers of situations where it has been stymied by communications technology like encryption. To the contrary, with the growth of digital communications, the FBI has an unprecedented level of access to our communications and personal data; access which it regularly uses. In an age where the government claims to want to beef up Internet security, any backdoors into our communications makes our infrastructure weaker.

Backdoors also take away developers' right to innovate and users' right to protect their privacy and First Amendment-protected anonymity of speech with the technologies of their choice. The FBI's dream of an Internet where it can listen to anything, even with a court order, is wrong and inconsistent with our values. One should be able to have a private conversation online, just as one can have a private conversation in person.

The White House is currently debating whether or not to introduce the bill. Here's why it shouldn't:

There's Little Darkness: Few Investigations Have Been Thwarted

The starting point for new legislation should be a real, serious, and well-documented need. Despite the FBI's rhetoric, there are few concrete examples of the FBI's purported need to expand its already efficient all-seeing eye. Current law requires annual reporting by the Department of Justice (DOJ) regarding the use of the government's wiretapping powers; the report includes statistics on how often Federal law enforcement has been impeded in a court-authorized investigation by encryption or has been unable to access communications. These statistics show that this has happened only rarely. In its most recent report—from 2010—DOJ reported that encryption had only been encountered all of 12 times.

Did the encryption stop the investigation, or even prevent the wiretappers from figuring out what was being said? No. The report admits that in all of these instances, police were able to obtain the plain text of communications. Previous years' numbers are similar. Aside from government reports, in 2012 telecommunications companies also revealed that a very low percentage of law enforcement requests for user information were rejected. In AT&T's case, only 965 out of over 250,000 requests for user information were rejected. Overall, the available public statistics don't appear to support the FBI's claims about its inability to access communications.

Law Enforcement Already Has Unprecedented Access

Any requested expansion of FBI surveillance authority has to consider the overall ability of law enforcement to investigate crimes. What the FBI doesn't mention when pushing new backdoors into our communications is that now, due to the shift to digital communications, law enforcement has an unprecedented level of access to, and knowledge of, the public's communications, relationships, transactions, whereabouts, and movements. Law enforcement now can gain 24/7 monitoring of most people's movements using cell phone location data. But that's just the beginning. A glance at the Wall Street Journal's multi-year What They Know project shows some of the treasure troves of data that are being maintained about all of us. By accessing these databases and by using new electronic surveillance technologies law enforcement already has visibility into almost every aspect of our online and offline lives—capabilities beyond the wildest dreams of police officers just a few decades ago.

Indeed, former White House Chief Counselor for Privacy Peter Swire and Kenesa Ahmad argued persuasively in 2011 that, overall, "today [is] a golden age for surveillance"—regardless of whether law enforcement is assured of automatic access to each and every kind of communication, and regardless of whether individuals sometimes succeed in using privacy technologies to protect themselves against some kinds of surveillance.

First, there's information obtained from cell phones. In July 2012, the New York Times reported that federal, state, and local law enforcement officials had requested all kinds of cell phone data—including mappings of suspects’ locations—a staggering 1.3 million times in the previous year. Cell phone companies can create what amounts to detailed maps of our locations and turn them over to law enforcement. Even without asking for cell phone providers' direct assistance, law enforcement has considerable ability to use mobile devices to track us. Federal and state law enforcement have made extensive use of IMSI catchers (also popularly called “stingrays,” after the brand name of one such device). These devices can act as a fake cell phone tower, observing all devices in a certain area to find a cell phone's location in real-time, and perhaps even intercept phone calls and texts.

Laws compelling companies to divulge user information accompany these techniques. For instance, National Security Letters, served on communications service providers like phone companies and ISPs, allow the FBI to secretly demand stored data about ordinary Americans' private communications and Internet activity without any meaningful oversight or prior judicial review. And Section 215 of the PATRIOT Act allows for secret court orders to collect “tangible things” that could be relevant to a government investigation. The list of possible “tangible things” the government can obtain is seemingly limitless, and could include everything from driver’s license records to Internet browsing patterns. The FBI has even broken into individuals' computers to collect data from inside the computers themselves. More backdoors aren't needed.

Backdoors Make Us Weaker and More Vulnerable

CALEA II will force companies with messaging services—from Google to Twitter to video game developers—to insert backdoors into their platforms. But backdoors only make us weaker and more vulnerable. It's ironic that CALEA II may be proposed only months after Congress pushed “cybersecurity” legislation to protect our networks. The notion of mandating backdoors in software is the antithesis of online security, which is why some academics have called it a “ticking time bomb.”

A proposal to expand backdoors into communications software ensures that online hackers, communications company insiders, and nation-states have a direct entrance to attack—and steal from—companies and government agencies. In one notorious example, someone exploited backdoors in a Greek phone company's systems and recorded sensitive conversations involving the Prime Minister. Wiretapping backdoors even affect national security. In 2012, Wired revealed the NSA's discovery and concern that every telephone switch for sale to the Department of Defense had security vulnerabilities due to the legally-mandated wiretap implementation. If politicians are serious about online security, they will not make these security blunders even worse by bringing more sensitive communication technologies under CALEA's scope.

Just last week, an ad hoc group of twenty renowned computer security experts issued a report explaining their consensus that CALEA II proposals could seriously harm computer security. These experts said that a requirement to weaken security with deliberate backdoors “amounts to developing for our adversaries capabilities that they may not have the competence, access or resources to develop on their own.”

And now the Washington Post has reported that intruders, allegedly working on behalf of the Chinese government, broke into Google's existing surveillance systems. (In this case, the report says that the intruders learned who was targeted by these systems, rather than accessing the contents of the targets' accounts or communications—but it's easy to see that wiretap contents would ultimately represent an even bigger target, and a bigger prize. Even more exciting would be the prospect of remotely activating new wiretaps against victims of an intruder's choice.)

Internet Users Have the Right to Secure Communications

Expanding CALEA is not only a tremendous risk for our online security; it's a slap in the face of Internet users who want to protect themselves online by choosing privacy-protecting software to shield their communications. Ordinary individuals, businesses, and journalists want and often need state-of-the art software to protect their communications in an era of pervasive spying by commercial rivals, criminals, and governments around the world. The government's rhetoric takes us back to the early 1990s when US law enforcement spoke openly of banning secure encryption software to keep it out of the public's hands. EFF and others had to fight—including in the Federal courts—to establish the principle that publishing and using encryption tools is an essential matter of individual freedom and protected by the First Amendment.

Once those “crypto wars” were over, the US government seemed to accept the right of Americans to secure communications and abandon the idea of forcing innovators to dumb down these technologies. We turned our concerns to foreign governments, several of whom were trying to ban communications tools for being “too private.” (For instance, the Associated Press reported five countries threatened to ban BlackBerry services in 2010 because the services protected user privacy too well.) Americans, including the US State Department, began supporting the development and distribution of secure communications tools to foreign rights activists who need them. Now this battle may be coming home.

Even with these tools, most Americans can protect only a tiny fraction of the trail of data we leave behind electronically as we live our lives. But we still have the right to choose them and try our best to keep our private communications private.

CALEA Must Not Come Back

The government should place any proposal to expand CALEA on hold. There is little evidence the FBI is actually “going dark,” especially when balanced with all the new information they have access to about our communications. And backdoors make everyone weaker. In a time when “cybersecurity” is supposed to be a top priority in Washington, the FBI is pushing a scheme that directly undermines everyone's online security and interferes with both innovation and the freedom of users to choose the technologies that best protect them. Tell the White House now to stop the proposal in its tracks.

President Obama gave an influential speech on counter terrorism and national security policy last week, and while much of the media coverage discussed the President remarks on Guantanamo prison and drone strikes, buried in the speech was a line just as critical to civil liberties online.

Half way through the speech, Obama said he wanted to “review[] the authorities of law enforcement, so we can intercept new types of communication, and build in privacy protections to prevent abuse.”

We certainly agree with the president we need new privacy protections for our digital communications, and it’s encouraging to hear him suggest support for such proposals. After all, we know the vast surveillance authorities given to law enforcement over the last decade’—like the Patriot Act, FISA Amendments Act, and National Security Letters—have been serially abused. Unfortunately, President Obama has actively defended these laws and policies in Congress and the courts, despite promising to reform them as a candidate.

There are still many measures his administration could support in the coming months to protect Americans communications. The White House could formally support reform of the Electronic Communications Privacy Act, which still says law enforcement agencies do not need warrants to obtain emails over 180 days old. The White House could come out in favor of warrant protection for cell-phone location information since it’s requested by authorities literally millions of times a year without a warrant. In the wake of the Associated Press scandal, Obama could also support a bill to require a court order for call records of all Americans.

But the first half of Obama’s statement—about “review[] the authorities of law enforcement, so we can intercept new types of communication”—is quite troubling. The line is likely an allusion to CALEA II, a dangerous proposal the New York Times has reported the administration “is on the verge of backing.” The measure would force companies like Google and Facebook to install backdoors in all of their products to facilitate law-enforcement access, putting both our privacy and security at risk.  

Law enforcement certainly doesn’t need more legal authorities to conduct digital surveillance. As mentioned above, Congress has already been provided a huge amount of new surveillance authority that has been abused. As former White House Chief Counselor for Privacy Peter Swire said in 2011, "today [is] a golden age for surveillance."

Indeed, it seems that the law enforcement is working at cross-purposes with the folks concerned about actual cybersecurity. Just a few months ago in his State of the Union address, Obama himself talked about hackers who steal people’s identities and infiltrate private e-mail” and  “foreign countries and companies [that] swipe our corporate secrets.” Requiring real-time back doors into all of our communications would make those kinds of attacks easier. Recently, a group of more than a dozen of the nation’s best cybersecurity experts published a paper explaining why such a proposal would be a disaster for Internet security, giving hackers all over the world a central point of vulnerability to target.

And of course the FBI has still failed to put forth any evidence showing a bill to “intercept new kinds of communications” is needed at all. According to government statistics, from 2006-2010, the FBI has been ultimately thwarted by encryption zero times in their criminal investigations.

Citing privacy concerns, the White House commendably has threatened to veto CISPA, the cybersecurity bill. It should also jettison this ill-conceived CALEA II proposal in favor of privacy and security.

Email and call the White House today to tell them you oppose any plan to make Internet companies build government backdoors into your communications.

Taiwan’s intellectual property office proposed a new Internet blacklist law that would have targeted websites for their alleged use in copyright infringement. The initiative would have forced Internet Service Providers to block a list of domains or IP addresses connected to websites and services found to enable “illegal” file sharing. In the face of massive online opposition and a planned Internet blackout, the IP office has now backed down and abandoned support for the law.

Taiwanese users were going to stage an Internet black out on Tuesday June 4^th. Several websites, including Wikipedia Taiwan and Mozilla Taiwan pledged to go dark in order to raise awareness. At the time this was written, more than 45,000 people had shown their commitment to protest the bill.

The proposed amendment to Taiwanese copyright law eerily mirrored SOPA and PIPA in its vague language. Any content sharing platform—including sites like YouTube, Dropbox, or Reddit—could have been blocked entirely in Taiwan if authorities found that they were used to share copyrighted works illegally. This kind of overreaching enforcement could easily lead to mass censorship of online content.

After several news outlets reported that the new initiative was akin to mainland China’s “Great Firewall,” the Taiwanese intellectual property office made an effort to reject the comparison, claiming that they would only go after “very obvious offenders” and not sites like Facebook, Google, or Yahoo. Yet their definition of what sites they would have blacklisted remained too vague to be reassuring for sites that lack the international clout of those major services.

In the face of these criticisms and the planned blackout, the Taiwan Intellectual Property Office abandoned this severe copyright law. In its announcement, the office stated that this plan would be “adjusted.” It’s clear that the government intends to introduce another copyright enforcement initiative in the future. Still, it’s enormously encouraging to see how users in Taiwan have organized to defend their rights and successfully stopped this draconian blacklist law.

The unfortunate reality is that many government authorities around the world still buy into the belief that the health of the Internet is acceptable collateral damage in this manufactured war on copyright infringement. Lawmakers need to understand that creativity and innovation can only thrive when our platforms remain open, where users are free to share and experiment with content. While it’s clear that the Taiwan Intellectual Property Office did not learn from the mistakes of SOPA and PIPA in the U.S., let’s hope others see the defeat of this latest copyright blacklist law and recognize that users will not put up with efforts to censor the Internet.