EFF: Could Platform Safe Harbors Save the NAFTA Talks?

Could Platform Safe Harbors Save the NAFTA Talks?

As the sixth round of talks over a modernized North American Free Trade Agreement (NAFTA) kicks off in Montreal, Canada, this week, EFF has joined with 15 other organizations and 38 academic experts to send the negotiators an open letter [PDF] about the importance of platform safe harbor rules, a topic that has been proposed for the deal’s Digital Trade chapter. The proposed rules, which are based on S47 U.S.C. section 230, a provision of the Communications Decency Act („CDA 230“), would require that Internet intermediaries—whether giants like Facebook, or just your neighbour with an open Wi-Fi hotspot—can’t be held liable for most speech of their users.

Usually our arguments for such strong platform safe harbor protections  (which the letter refers to as intermediary immunity) center around how these support users‘ freedom of expression, by preventing would-be censors and critics from shutting down the platforms that host user speech. But as trade negotiators are not particularly receptive to human rights arguments, instead our joint letter focuses on the economic arguments for platform safe harbors, which are also compelling:

First, intermediary immunity facilitates the development of effective reputation systems that strengthen markets. Reputation systems improve buyer trust and encourage vendors to compete on quality as well as price. Online, consumer review services and other wisdom-of-the-crowds feedback mechanisms have emerged that have no offline equivalent. However, online reputation systems require liability immunity to function properly. Otherwise, vendors can easily suppress truthful negative information via litigation threats. Immunity keeps that information online so that it can benefit consumers.

Second, intermediary immunity lowers the barriers to launch new online services predicated on third party content, making those markets more competitive. Without immunity, new entrants face business-ending liability exposure from day one; and they must make expensive upfront investments to mitigate that risk. Immunity lowers entrants’ capital requirements and the riskiness of their investments, leading to more new entrants seeking to disrupt incumbents. This helps prevent the market from ossifying at a small number of incumbent giants.

The difficulty with the inclusion of Section 230 style safe harbors in NAFTA is that it would either require Canada and Mexico to change their law, or it would require the provision to be watered down in order to become compatible with their existing law—which would make its inclusion pointless. Therefore, the first option is the better one. For Canada, in particular, strengthening legal protection for Internet platforms could help roll back the precedent set in the Google v. Equustek case, in which the Canadian Supreme Court required Google to globally de-index a website that purportedly infringed Canadian trade secret rights.

Although changing Canadian law to strengthen platform safe harbors would be a significant step, there are certainly even tougher issues pending in the NAFTA negotiations, such as dispute resolution, government procurement, and America’s demand for a five-year sunset clause. Moreover, Canada is asking a lot of the United States, too; having this month filed a broad-ranging World Trade Organization (WTO) complaint [PDF] against the United States alleging that the latter is flouting WTO rules in the way that it imposes tariffs and duties on other countries. In that context, reaching an agreement on platform safe harbors could become an olive branch to bring the countries closer to an overall deal.

Exporting Section 230 to Mexico and Canada isn’t the only reason to advocate for its inclusion in a modernized NAFTA. This negotiation comes at a time when Section 230 stands under threat in the United States, currently from the SESTA and FOSTA proposals, which could escalate into demands that platforms also assume greater responsibility for other types of content. As uncomfortable as we are with the lack of openness of trade negotiations, baking Section 230 into NAFTA may be the best opportunity we have to protect it domestically.

Officially, this is the second-last round of NAFTA talks that has been scheduled, although it seems next to impossible that the talks could be resolved in the next round. The two more likely scenarios are either that President Trump will notify the other parties that the U.S. is withdrawing from the existing NAFTA, or that additional rounds of negotiation will be scheduled after the Mexican general elections in July. Extending the negotiation would also leave more time for negotiators to begin to engage meaningfully with the public about platform safe harbors and other digital policy issues, which they have failed to do to date.

Frankly, we don’t think that trade agreements are the right place to be negotiating rules for the Internet, and we’d rather that a Digital Trade chapter wasn’t being negotiated at all, without significant reforms to the transparency and openness of the negotiations. But if a Digital Trade chapter in NAFTA is inevitable, which seems to be the case, the better outcome for users is for broad platform safe harbor rules to be a part of that deal—both to protect users and innovators in the United States, and to ensure that the same level of protection applies North and South of the border.

Published January 24, 2018 at 12:18AM
Read more on eff.org


EFF: Support Community Control of Spy Tech in Berkeley

Support Community Control of Spy Tech in Berkeley

TNot long ago we wrote about our support for the City of Berkeley’s proposed Surveillance Technology Use and Community Safety Ordinance. In the time since, conversations like those already underway in the Police Review Commission, Peace and Justice Commission, and Disaster and Fire Safety Commission have continued with city agencies and residents.

Having been sculpted through these conversations and the recommendations of members of the Berkeley community, this ordinance represents the civil rights and civil liberties values of the people of the City of Berkeley.

To inform the City Council as they consider this ordinance, Berkeley residents may submit written comments on its adoption through an online forum. In addition, community members are encouraged to email the City Council directly.

Take Action


As we stated in our letter of support submitted to the Berkeley City Council by EFF and more than a dozen local groups and national civil rights organizations:

The ordinance is straightforward: it requires essential community control, transparency, and accountability for all surveillance technology proposals, and it ensures the public has the opportunity to learn about the civil rights and civil liberties impact of surveillance technologies before city agencies acquire them.

With the adoption of this bill, the power to decide whether these invasive spying technologies are acquired, and how they are utilized, will be protected from unilateral decisions by agency executives, and instead placed in the hands of elected City Council members. More importantly, all residents will be provided an opportunity to comment on proposed surveillance technologies before representatives decide whether to adopt them.

Published January 23, 2018 at 05:00PM
Read more on eff.org

EFF: EFF Asks California Supreme Court to Defuse a Time Bomb That Could Harm Anonymous Speech

EFF Asks California Supreme Court to Defuse a Time Bomb That Could Harm Anonymous Speech

In recent months, we’ve seen worrying decisions in state and federal courts that weaken the First Amendment protection for anonymous speech. Last week, EFF called on the California Supreme Court to limit the impact of one these decisions, Yelp v. Superior Court.

The Yelp case involves a defamation lawsuit brought by an accountant who claims that an anonymous Yelp reviewer defamed him and his business. Last year, a California court of appeal found that Yelp had to turn over information identifying the anonymous user because the plaintiff had a plausible case of defamation. As we wrote then, the court applied a test that failed to give full weight to the First Amendment. We predicted that the Yelp decision was a time bomb that “could invite a fresh wave of lawsuits against anonymous speakers that are designed to harass or intimidate anonymous speakers rather than vindicate actual legal grievances.” 

Our prediction may be coming true: Yelp told the California Supreme Court that it is already involved in another case where a defamation plaintiff is trying to reveal an anonymous reviewer without any evidence at all. 

To limit the damage from the 2017 decision, Yelp is asking the California Supreme Court to “depublish” the part of the opinion that invites baseless defamation lawsuits against anonymous speakers. Depublication means that the decision cannot be relied on by future courts.

EFF filed our own letter supporting the depublication request and calling attention other attempts to harass anonymous speakers. We hope the California Supreme Court agrees.


Published January 23, 2018 at 01:40AM
Read more on eff.org

EFF: Google’s Advanced Protection Program Offers Security Options For High-Risk Users

Google’s Advanced Protection Program Offers Security Options For High-Risk Users

Security is not a one-size-fits-all proposition, and features that are prohibitively inconvenient for some could be critical for others. For most users, standard account security settings options are sufficient protection against common threats. But for the small minority of users who might be targeted individually—like journalists, policy makers, campaign staff, activists, people with abusive exes, or victims of stalking—standard security options won’t cut it.

For those users, Google recently added the option to add stronger protections to personal Google accounts with the Advanced Protection Program. Advanced Protection is a big step in the right direction to provide different levels of protection for different people, and other companies and platforms should follow suit.

An account with Advanced Protection turned on will change in three main ways. First, when you sign in, you’ll need to use a physical security key in addition to your password. Advanced Protection also requires you to have a second back-up key on hand. Second, you’ll only be able to use Gmail and other Google services on the Chrome browser, and third-party apps won’t be able to access your Gmail or Google Drive. And third, if you ever get locked out of your account, regaining access will take more time and require more types of identity verification. Respectively, these measures protect against phishing, malicious apps that try to trick you into granting them excessive permissions, and attackers who try to use the account recovery process to take over your account.

This adds up to the best option available to individuals who want to give their personal Google accounts the highest level of security without needing technical expertise or deep pockets.

Of course, Advanced Protection comes with significant trade-offs and limitations. Starting to use Advanced Protection requires two security keys and some set-up time. For people not used to carrying around and keeping track of security keys, that can pose an inconvenience when signing in. And once signed in, users who rely on non-Google apps or clients to use their Gmail or Google Calendar will lose some of that functionality. This is especially the case for Mac and iPhone users: since native Apple applications do not currently support two-factor authentication with security keys, iOS users will have to take arduous extra steps to make sure their apps and contacts are set up. Finally, if you ever lose your security keys or forget your password, the lengthy account recovery process will lock you out of your account for days. Expect the specifics to change, however, as Google updates the program’s protections and functionality going forward.

By definition, Advanced Protection won’t be for everyone. Using it means accepting more inconvenience in exchange for higher security. But if an account breach could threaten your reputation, career, or even your life, it is an option worth considering. If you turn on Advanced Protection on and it turns out to not be the right fit, it can be turned off at any time.

Published January 22, 2018 at 05:25PM
Read more on eff.org