American companies face a difficult tradeoff when dealing with government requests, but they should just say no to Saudi Arabia, which is using social media companies to do its dirty work in censoring Qatari media. Over the past few weeks, both Medium and Snap have caved to Saudi demands to geoblock journalistic content in the kingdom.
The history of Silicon Valley companies’ compliance with requests from foreign governments is a sad one, and one that has undoubtedly led to more censorship around the world. While groups like EFF have been successful at pushing companies toward more transparency and at pushing back against domestic censorship in the United States, it seems that companies are unwilling or unable to see why protecting freedom of expression on their platforms abroad is important.
After Yahoo’s compliance with a user data request from the Chinese government in the early 2000s resulted in the imprisonment of two Chinese citizens, the digital rights community began to pressure companies to use more scrutiny when dealing with orders from foreign governments. The early work of scholars such as Rebecca MacKinnon led to widespread awareness amongst civil society groups and the eventual creation of the Global Network Initiative, which created standards guiding companies’ compliance with foreign requests. A push from advocacy groups resulted in Google issuing its first transparency report in 2010, with other companies following the Silicon Valley giant’s lead. Today—thanks to tireless advocacy and projects like EFF’s Who Has Your Back report—dozens of companies issue their own reports.
Transparency is vital. It helps users to understand who the censors are, and to make informed decisions about what platforms they use. But, as it turns out, transparency does not necessarily lead to less censorship.
The Kingdom of Saudi Arabia is one of the world’s most prolific censors, attacking everything from advertisements and album covers to journalistic publications. The government—an absolute monarchy—has in recent years implemented far-reaching surveillance, arrested bloggers and dissidents for their online speech, and allegedly deployed an online “army” against Al Jazeera and its supporters. Even before recent events, the country was known as the Arab world’s leader in Internet censorship, aggressively blocking a wide array of content from its citizens. American companies—including Facebook and Google—have at times in the past voluntarily complied with content restriction demands from Saudi Arabia, though we know little about their context.
Now, in the midst of Saudi Arabia’s sustained attack on Al Jazeera (and its host country, Qatar), the government is ramping up its takedown requests. In particular, the government of Saudi Arabia is going after the press, and disappointingly, Silicon Valley companies seem all too eager to comply.
In late June, Medium complied with requests from the government to restrict access to content from two publications: Qatar-backed Al Araby Al Jadeed (“The New Arab”) and The New Khaliji News. In the interest of transparency, the company sent both requests to Lumen.
Medium has faced government censorship before; In 2016, the Malaysian government blocked the popular blogging platform, while Egypt included the site in a long list of banned publications earlier this year. By complying with the orders of the Saudi government, Medium is less likely to face a full ban in the country.
This week, Snap disappointed free expression advocates by joining the list of companies willing to team up with Saudi Arabia against Qatar and its media outlets. The social media giant pulled the Al Jazeera Discover Publisher Channel from Saudi Arabia late last week. A company spokesperson told Reuters: “We make an effort to comply with local laws in the countries where we operate.”
As we’ve argued in the past, companies should limit their compliance with foreign governments which are not democratic and where they do not have employees or other assets on the ground. By censoring at the behest of a government like Saudi Arabia’s, Medium and Snap have chosen to side with the Saudi regime in a dangerous political game—and by censoring the press, they have demonstrated a stunning lack of commitment to freedom of expression. While other companies like Facebook and Twitter may have set the precedent, it’s not one that other companies should be proud to follow.
We urge Medium and Snap to reconsider their decisions, and for other companies to strengthen their commitment to freedom of expression by refusing to bow to demands from authoritarian governments when they’re not legally bound to.
Law enforcement officers in Washington, D.C. violated the Fourth Amendment when they used a cell site simulator to locate a suspect without a warrant, a D.C. appeals court ruled on Thursday. The court thus found that the resulting evidence should have been excluded from trial and overturned the defendant’s convictions.
EFF joined the ACLU in filing an amicus brief, arguing that the use of a cell-site simulator without a warrant constituted an illegal search. We applaud the court’s decision in applying long-established Fourth Amendment principles to the digital age.
Cell-site simulators (also known as “IMSI catchers” and “Stingrays”) are devices that emulate cell towers in order to gain information from a caller’s phone, such as locational information. Police have acted with unusual secrecy regarding this technology, including taking extraordinary steps to ensure that use does not appear in court filings and is not released through public records requests. Concerns over the secrecy and privacy have led to multiple lawsuits and legal challenges, as well as legislation.
The new decision in Prince Jones v. U.S. is the latest to find that police are violating our rights when using this sophisticated spying technology without a warrant.
Jones was accused of sexual assault and burglary. Much of the evidence collected against him was derived from cell-site simulators targeting his phone.
The court determined that the use of a cell-site simulator to track and locate Jones was in fact a “search,” despite claims to the contrary from the prosecution. As the court wrote:
The cell-site simulator employed in this case gave the government a powerful person-locating capability that private actors do not have and that, as explained above, the government itself had previously lacked—a capability only superficially analogous to the visual tracking of a suspect. And the simulator's operation involved exploitation of a security flaw in a device that most people now feel obligated to carry with them at all times. Allowing the government to deploy such a powerful tool without judicial oversight would surely “shrink the realm of guaranteed privacy” far below that which “existed when the Fourth Amendment was adopted.” … It would also place an individual in the difficult position either of accepting the risk that at any moment his or her cellphone could be converted into tracking device or of forgoing “necessary use of” the cellphone… We thus conclude that under ordinary circumstances, the use of a cell-site simulator to locate a person through his or her cellphone invades the person's actual, legitimate, and reasonable expectation of privacy in his or her location information and is a search.
The decision should serve as yet another warning to law enforcement that new technologies do not mean investigators can bypass the Constitution. If police want data from our devices, they should come back with a warrant.
In a closely watched case, the Court of Appeals for the Federal Circuit has issued an order that should see many more patent cases leaving the Eastern District of Texas. The order in In re Cray, together with the Supreme Court’s recent decision in TC Heartland v. Kraft Foods, should make it much more difficult for patent owners to pick and choose among various courts in the country. In particular, it should drastically limit the ability of patent trolls to file in their preferred venue: the Eastern District of Texas.
“Venue” is a legal doctrine that relates to where cases can be heard. Prior to 1990, the Supreme Court had long held that in patent cases, the statute found at 28 U.S.C. § 1400 controlled where a patent case could be filed. This statute says that venue in patent cases is proper either (1) where the defendant “resides” or (2) where the defendant has “committed acts of infringement and has a regular and established place of business.” However, in 1990 in a case called VE Holding, the Federal Circuit held that a small technical amendment to another statute—28 U.S.C. § 1391—abrogated this long line of cases. VE Holding, together with another case called Beverly Hills Fan, essentially meant that companies that sold products nationwide could be hailed into any court in the country on charges of patent infringement, regardless of how tenuous the connection to that forum.
In May, 2017, the Supreme Court reaffirmed that the more specific statute, 28 U.S.C. § 1400, controls where a patent case can be filed. TC Heartland ruled that the term “resides” referred to a historical meaning, and was limited to the state of the defendant’s incorporation. However, TC Heartland did not discuss what was meant by the second prong of the venue statute, i.e. when defendants could be considered to have a “regular and established place of business.”
In light of TC Heartland, many patent owners shifted their arguments, and pointed to the “regular and established place of business” in a district as the basis for bringing suit there. Because that term had not been applied for some time, courts have variously determined what, exactly, constitutes a “regular and established place of business.”
One decision, Raytheon Co. v. Cray, Inc., written by Judge Gilstrap (a judge who at one point had ~25% of all patent cases in the entire country before him) appeared to take a broad view of what it meant to have a “regular and established place of business.” Judge Gilstrap held that “a fixed physical location in the district is not a prerequisite to proper venue.” More concerningly, Judge Gilstrap announced his own four-factor “test” that created greater possibilities that venue would be proper in the Eastern District.
The Federal Circuit has now rejected both that test and Judge Gilstrap’s finding that a physical location in the district is not necessary. The Federal Circuit specifically noted that the venue statute “cannot be read to refer merely to a virtual space or to electronic communications from one person to another.” Importantly, the Federal Circuit also held that it is not enough that an employee may live in the district. What is important is whether the alleged infringer has itself (as opposed to the employee) established a place of business in the district. The Federal Circuit did stress, however, that every case should be judged on its own facts. Based on the facts of Cray’s relationship to the district, the Federal Circuit ordered Judge Gilstrap to transfer the case out of the Eastern District.
This is a good ruling for many defendants who may find themselves sued in the Eastern District or any other district they may be only loosely connected with. When patent owners can drag defendants into court in far-flung corners of the country it can cause significant harm, especially for those who are on the receiving end of a frivolous lawsuit. Patent owners can pick a forum that is less inclined to grant fees, keep costs down, or stay cases. As a result, oftentimes it is cheaper to settle even a frivolous case than to fight. Between TC Heartland and now In re Cray, the ability of patent trolls to extort settlements based on cost of litigation rather than merit has been curtailed.
On October 1, a referendum will be held on whether Catalonia, an autonomous region of the northeast of Spain, should declare itself to be an independent country. The Spanish government has ruled the referendum illegal, and is taking action on a number of fronts to shut it down and to censor communications promoting it. One of its latest moves in this campaign was a Tuesday police raid of the offices of puntCAT, the domain registry that operates the .cat top-level domain, resulting in the seizure of computers, the arrest of its head of IT for sedition, and the deletion of domains promoting the October 1 referendum, such as refoct1.cat (that website is now available at an alternate URL).
The .cat top-level domain was one of the earliest new top-level domains approved by ICANN in 2004, and is operated by a non-governmental, non-profit organization for the promotion of Catalan language and culture. Despite the seizure of computers at the puntCAT offices, because the operations of the domain registry are handled by an external provider, .cat domains not connected with the October 1 referendum (including eff.cat, EFF's little-known Catalan language website) have not been affected.
We have deep concerns about the use of the domain name system to censor content in general, even when such seizures are authorized by a court, as happened here. And there are two particular factors that compound those concerns in this case. First, the content in question here is essentially political speech, which the European Court of Human Rights has ruled as deserving of a higher level of protection than some other forms of speech. Even though the speech concerns a referendum that has been ruled illegal, the speech does not in itself pose any imminent threat to life or limb.
The second factor that especially concerns us here is that the seizure took place with only 10 days remaining until the scheduled referendum, making it unlikely that the legality of the domains' seizures could be judicially reviewed before the referendum is scheduled to take place. The fact that such mechanisms of legal review would not be timely accessible to the Catalan independence movement, and that the censorship of speech would therefore be de facto unreviewable, should have been another reason for the Spanish authorities to exercise restraint in this case.
Whether it's allegations of sedition or any other form of unlawful or controversial speech, domain name intermediaries should not be held responsible for the content of websites that utilize their domains. If such content is unlawful, a court order directed to the publisher or host of that content is the appropriate way for authorities to deal with that illegality, rather than the blanket removal of entire domains from the Internet. The seizure of .cat domains is a worrying signal that the Spanish government places its own interests in quelling the Catalonian independence movement above the human rights of its citizens to access a free and open Internet, and we join ordinary Catalonians in condemning it.