We at EFF are horrified by the events transpiring in the Middle East: Hamas’ deadly attack on southern Israel last weekend and Israel’s ongoing retributive military attack and siege on Gaza. While we are not experts in military strategy or international diplomacy, we do have expertise with how human rights and civil liberties should be protected on the internet—even in times of conflict and war. 

That is why we are deeply concerned that a key part of Israel’s response has been to target telecommunications infrastructure in Gaza, including effectively shutting down the internet.  

Here are a few reasons why:  

Shutting down telecommunications deprives civilians of a life-saving tool for sharing information when they need it the most. 

In wartime, being able to communicate directly with the people you trust is instrumental to personal safety and protection, and may ultimately mean the difference between life and death. But right now, the millions of people in Gaza, who are already facing a dire humanitarian crisis, are experiencing oppressive limitations on their access to the internet—stifling their ability to find out where their families are, obtain basic information about resources and any promised humanitarian aid, share safer border crossings, and other crucial information.  

The internet was built, in part, to make sure that communications like this are possible. And despite its use for spreading harmful content and misinformation, the internet is particularly imperative in moments of war and conflict when sharing and receiving real-time and up to date information is critical for survival. For example, what was previously a safe escape route may no longer be safe even a few hours later, and news printed in a broadsheet may no longer be reliable or relevant the following day.  

The internet enables this flow of information to remain active and alert to new realities. Shutting down access to internet services creates impossible obstacles for the millions of people trapped in Gaza. It is eroding access to the lifeline that millions of civilians need to stay alive.  

Shutting down telecommunications will not silence Hamas.  

We also understand the impulse to respond to Hamas’ shocking use of the internet to terrorize Israelis, including by taking over Facebook pages of people they have taken hostage to live stream and post horrific footage. We urge social media and other platforms to act quickly when those occur, which typically they can already do under their respective terms of use. But the Israeli government’s reaction of shutting down all internet communications in Gaza is a wrongheaded response and one that will impact exactly the wrong people.  

Hamas is sufficiently well-resourced to maneuver through any infrastructural barriers, including any internet shutdowns imposed by the Israeli government. Further, since Israel isn’t able to limit the voice of Hamas, the internet shutdown effectively allows Hamas to dominate the Palestinian narrative in the public vernacular—eliminating the voices of activists, journalists, and ordinary people documenting their realities and sharing facts in real-time.  

Shutting down telecommunications sets a dangerous precedent.  

Given the proliferation of the internet and its use in pivotal social and political moments, governments are very aware of their power to cut off that access. Shutdowns have become a blunt instrument that aid state violence and deprive free speech, and are routinely deployed by authoritarian governments that do not care about the rule of law or human rights. For example, limiting access to the internet was a vital component of the Syrian government’s repressive strategy in 2013, and Egyptian President Hosni Mubarak shut down all internet access for five days in 2011 in an effort to impair Egyptians’ ability to coordinate and communicate. As we’ve said before, access to the Internet shouldn't be a bargaining chip in geopolitical battles. Instead of protecting human rights of civilians, Israel has adopted a disproportionate tactic often used by the authoritarian governments of Iran, Russia, and Myanmar. 

Israel is a party to the International Covenant on Civil and Political Rights and has long claimed to be committed to upholding and protecting human rights. But shutting off access to telecommunications for millions of ordinary Palestinians is grossly inconsistent with that claim and instead sends the message that the Israeli government is actively working to ensure that ordinary Palestinians are placed at an even greater risk of harm than they already are. It also sends the unmistakable message that the Israeli government is preventing people around the world learning the truth about its actions in Gaza, something that is affirmed by Israel’s other actions like approving new regulation to temporarily shut down news channels which ‘damage national security.’ 

We call on Israel to stop interfering with the telecommunications infrastructure in Gaza, and to ensure Palestinians from Gaza to the West Bank immediately have unrestricted access to the internet.    

It’s Open Access Week in the United States, which means it’s a chance to celebrate the accomplishments of the Open Access movement—and reinforce the need to keep fighting. We’ve come a long way, with governments, universities, and research funders all successfully pressuring publishers to improve access to knowledge and finding ways to do it themselves. 

TAKE ACTION

Tell Congress: Access To Laws Should Be Fully Open

At EFF, we are especially proud of the work we have done helping our client, Public.Resource.Org (PRO), improve public access to the law. Public Resource’s mission is to make all government information available to the governed. As part of that mission, it posts safety codes such as the National Electrical Code, on its website, for free, in a fully accessible format—where those codes have been adopted into law by reference.  

You didn’t learn about incorporation by reference from Schoolhouse Rock, but it’s one of the key ways policymakers create law. A huge portion of the regulations we all live by (such as fire safety codes, or the National Electrical Code) are initially written—by industry experts, government officials, and other volunteers—under the auspices of standards development organizations (SDOs). Federal, state, or municipal policymakers then review the codes and decide whether the standard is a good broad rule. If so, it is adopted into law “by reference.” In other words, the regulation cites the code by name but doesn’t copy and paste the entire thing into law (useful when the code is long and detailed). For example, if a regulation requires compliance with the National Fire Safety Code, it might simply refer to specific provisions or the code as a whole, rather than copying it in directly. But that doesn’t make compliance any less mandatory. 

When a pipeline bursts, journalists might want to investigate whether the pipeline complied with federal regulations, or compare federal, state, and local rules. When a toy is recalled, parents want to know whether its maker followed child safety rules. When a fire breaks out, homeowners and communities want to know whether the building complied with fire safety regulations. Online access to safety regulations helps make that review—and accountability—possible.  

The rub: the SDOs claim to own copyright in these rules, even after they become law, and that they are therefore allowed to sell and otherwise control access to them. Based on that claim, they sued Public Resource for copyright infringement. 

But court after court has recognized that no one can own the law.  The Supreme Court held as much in its very first copyright case, and recently reaffirmed it: if “every citizen is presumed to know the law,” the Court observed, “it needs no argument to show . . . that all should have free access to its contents.” And in September 2023, after a decade of litigation, a federal appeals court held that Public Resource’s database was a lawful fair use.  

Which brings us to the latest threat. Having lost in court, the SDOs are now looking to Congress to shore up their copyright claim, via the Pro Codes Act. It’s a tricky bit of legislation that seems innocuous if you don’t know the context. 

Pro Codes’ main provision requires that: 

An original work of authorship otherwise subject to protection under this title that has been adopted or incorporated by reference, in full or in part, into any Federal, State, or municipal law or regulation, shall retain such protection only if the owner of the copyright makes the work available at no monetary cost for viewing by the public in electronic form on a publicly accessible website in a location on the website that is readily accessible to the public.

Sounds good, right? In fact, it sounds obvious: mandatory regulations should be made available online, for free, so people can more easily know, share, and comment on them. Here’s the trick: this language would effectively endorse the claim that SDOs can “retain” copyright in the law, as long as they let the public read it online.  

There are many problems with this approach. First and foremost, “access” here means read-only, and subject to licensing limits.  We already know what that looks like: currently the SDOs that make their codes available to the public online do so through clunky, disorganized, siloed websites, largely inaccessible to the print-disabled, and subject to onerous contractual terms (like a requirement to give up your personal information). The public can’t copy, print, or even link to specific portions of the codes. In other words, you can look at the law (as long as you aren’t print-disabled and you know what to look for), but you can’t share it, compare it, or comment on it. As multiple amici who filed briefs in support of Public Resource explained, the public needs more.  

Second, it doesn’t really make sense. The many volunteers who develop these codes neither need nor want a copyright incentive. The SDOs don’t need it either—they don’t do anything creative (convening volunteers is important work, but not creative work), and they make plenty of profit though trainings, membership fees, and selling standards that haven’t been incorporated into law.  

Third, it’s unconstitutional under the First, Fifth, and Fourteenth Amendments, which guarantee the public’s right to read, share, and discuss the law.  

Finally, there is no need for this bill. It simply mandates that SDOs do badly what Public Resource is already doing, better, for free.  

The Pro Codes Act is a deceptive power grab that will help giant industry associations ration access to huge swaths of U.S. law. Tell Congress not to fall for it. 

 EFF is proud to celebrate Open Access Week. 

TAKE ACTION

Tell Congress: Access To Laws Should Be Fully Open

Every year, we encounter new, often ill-conceived, bills written by state, federal, and international regulators to tackle a broad set of digital topics ranging from child safety to artificial intelligence. These scattershot proposals to correct online harm are often based on censorship and news cycles. Instead of this chaotic approach that rarely leads to the passage of good laws, we propose another solution in a new report: Privacy First: A Better Way to Address Online Harms.

In this report, we outline how many of the internet's ills have one thing in common: they're based on the business model of widespread corporate surveillance online. Dismantling this system would not only be a huge step forward to our digital privacy, it would raise the floor for serious discussions about the internet's future.

What would this comprehensive privacy law look like? We believe it must include these components:

• No online behavioral ads.
• Data minimization.
• Opt-in consent.
• User rights to access, port, correct, and delete information.
• No preemption of state laws.
• Strong enforcement with a private right to action.
• No pay-for-privacy schemes.
• No deceptive design.

A strong comprehensive data privacy law promotes privacy, free expression, and security. It can also help protect children, support journalism, protect access to health care, foster digital justice, limit private data collection to train generative AI, limit foreign government surveillance, and strengthen competition. These are all issues on which lawmakers are actively pushing legislation—both good and bad.

Comprehensive privacy legislation won’t fix everything. Children may still see things that they shouldn’t. New businesses will still have to struggle against the deep pockets of their established tech giant competitors. Governments will still have tools to surveil people directly. But with this one big step in favor of privacy, we can take a bite out of many of those problems, and foster a more humane, user-friendly technological future for everyone.

Creators have reason to be wary of the generative AI future. For one thing, while GenAI can be a valuable tool for creativity, it may also be used to deceive the public and disrupt existing markets for creative labor. Performers, in particular, worry that AI-generated images and music will become deceptive substitutes for human models, actors, or musicians.

Existing laws offer multiple ways for performers to address this issue. In the U.S., a majority of states recognize a “right of publicity,” meaning, the right to control if and how your likeness is used for commercial purposes. A limited version of this right makes sense—you should be able to prevent a company from running an advertisement that falsely claims that you endorse its products—but the right of publicity has expanded well beyond its original boundaries, to potentially cover just about any speech that “evokes” a person’s identity.

In addition, every state prohibits defamation, harmful false representations, and unfair competition, though the parameters may vary. These laws provide time-tested methods to mitigate economic and emotional harms from identity misuse while protecting online expression rights.

But some performers want more. They argue that your right to control use of your image shouldn’t vary depending on what state you live in. They’d also like to be able to go after the companies that offer generative AI tools and/or host AI-generated “deceptive” content. Ordinary liability rules, including copyright, can’t be used against a company that has simply provided a tool for others’ expression. After all, we don’t hold Adobe liable when someone uses Photoshop to suggest that a president can’t read or even for more serious deceptions. And Section 230 immunizes intermediaries from liability for defamatory content posted by users and, in some parts of the country, publicity rights violations as well. Again, that’s a feature, not a bug; immunity means it’s easier to stick up for users’ speech, rather than taking down or preemptively blocking any user-generated content that might lead to litigation. It’s a crucial protection not just big players like Facebook and YouTube, but also small sites, news outlets, emails hosts, libraries, and many others.

Balancing these competing interests won’t be easy. Sadly, so far Congress isn’t trying very hard. Instead, it’s proposing “fixes” that will only create new problems.

Last fall, several Senators circulated a “discussion draft” bill, the NO FAKES Act. Professor Jennifer Rothman has an excellent analysis of the bill, including its most dangerous aspect: creating a new, and transferable, federal publicity right that would extend for 70 years past the death of the person whose image is purportedly replicated. As Rothman notes, under the law:

record companies get (and can enforce) rights to performers’ digital replicas, not just the performers themselves. This opens the door for record labels to cheaply create AI-generated performances, including by dead celebrities, and exploit this lucrative option over more costly performances by living humans, as discussed above.

In other words, if we’re trying to protect performers in the long run, just make it easier for record labels (for example) to acquire voice rights that they can use to avoid paying human performers for decades to come.

NO FAKES hasn’t gotten much traction so far, in part because the Motion Picture Association hasn’t supported it. But now there’s a new proposal: the “No AI FRAUD Act.” Unfortunately, Congress is still getting it wrong.

First, the Act purports to target abuse of generative AI to misappropriate a person’s image or voice, but the right it creates applies to an incredibly broad amount of digital content: any “likeness” and/or “voice replica” that is created or altered using digital technology, software, an algorithm, etc. There’s not much that wouldn’t fall into that category—from pictures of your kid, to recordings of political events, to docudramas, parodies, political cartoons, and more. If it involved recording or portraying a human, it’s probably covered. Even more absurdly, it characterizes any tool that has a primary purpose of producing digital depictions of particular people as a “personalized cloning service.” Our iPhones are many things, but even Tim Cook would likely be surprised to know he’s selling a “cloning service.”

Second, it characterizes the new right as a form of federal intellectual property. This linguistic flourish has the practical effect of putting intermediaries that host AI-generated content squarely in the litigation crosshairs. Section 230 immunity does not apply to federal IP claims, so performers (and anyone else who falls under the statute) will have free rein to sue anyone that hosts or transmits AI-generated content.

That, in turn, is bad news for almost everyone—including performers. If this law were enacted, all kinds of platforms and services could very well fear reprisal simply for hosting images or depictions of people—or any of the rest of the broad types of “likenesses” this law covers. Keep in mind that many of these service won’t be in a good position to know whether AI was involved in the generation of a video clip, song, etc., nor will they have the resources to pay lawyers to fight back against improper claims. The best way for them to avoid that liability would be to aggressively filter user-generated content, or refuse to support it at all.

Third, while the term of the new right is limited to ten years after death (still quite a long time), it’s combined with very confusing language suggesting that the right could extend well beyond that date if the heirs so choose. Notably, the legislation doesn’t preempt existing state publicity rights laws, so the terms could vary even more wildly depending on where the individual (or their heirs) reside.

Lastly, while the defenders of the bill incorrectly claim it will protect free expression, the text of the bill suggests otherwise. True, the bill recognizes a “First Amendment defense.” But every law that affects speech is limited by the First Amendment—that’s how the Constitution works. And the bill actually tries to limit those important First Amendment protections by requiring courts to balance any First Amendment interests “against the intellectual property interest in the voice or likeness.” That balancing test must consider whether the use is commercial, necessary for a “primary expressive purpose,” and harms the individual’s licensing market. This seems to be an effort to import a cramped version of copyright’s fair use doctrine as a substitute for the rigorous scrutiny and analysis the First Amendment (and even the Copyright Act) requires.

We could go on, and we will if Congress decides to take this bill seriously. But it shouldn’t. If Congress really wants to protect performers and ordinary people from deceptive or exploitative uses of their images and voice, it should take a precise, careful and practical approach that avoids potential collateral damage to free expression, competition, and innovation. The No AI FRAUD Act comes nowhere near the mark

We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of copyright law and policy, addressing what's at stake and what we need to do to make sure that copyright promotes creativity and innovation.

It’s 1975. Earth, Wind and Fire rule the airwaves, Jaws is on every theater screen, All In the Family is must-see TV, and Bill Gates and Paul Allen are selling software for the first personal computer, the Altair 8800.

But for copyright lawyers, and eventually the public, something even more significant is about to happen: Sony starts selling the first videotape recorder, or VTR. Suddenly, people had the power to  store TV programs and watch them later. Does work get in the way of watching your daytime soap operas? No problem, record them and watch when you get home. Want to watch the game but hate to miss your favorite show? No problem. Or, as an ad Sony sent to Universal Studios put it, “Now you don’t have to miss Kojak because you’re watching Columbo (or vice versa).”

What does all of this have to do with Generative AI? For one thing, the reaction to the VTR was very similar to today’s AI anxieties. Copyright industry associations ran to Congress, claiming that the VTR "is to the American film producer and the American public as the Boston strangler is to the woman home alone" – rhetoric that isn’t far from some of what we’ve heard in Congress on AI lately. And then, as now, rightsholders also ran to court, claiming Sony was facilitating mass copyright infringement. The crux of the argument was a new legal theory: that a machine manufacturer could be held liable under copyright law (and thus potentially subject to ruinous statutory damages) for how others used that machine.

The case eventually worked its way up to the Supreme Court, and in 1984 the Court rejected the copyright industry’s rhetoric and ruled in Sony’s favor. Forty years later, at least two aspects of that ruling are likely to get special attention.

First, the Court observed that where copyright law has not kept up with technological innovation, courts should be careful not to expand copyright protections on their own. As the decision reads:

Congress has the constitutional authority and the institutional ability to accommodate fully the varied permutations of competing interests that are inevitably implicated by such new technology. In a case like this, in which Congress has not plainly marked our course, we must be circumspect in construing the scope of rights created by a legislative enactment which never contemplated such a calculus of interests.

Second, the Court borrowed from patent law the concept of “substantial noninfringing uses.” In order to hold Sony liable for how its customers used their VTRs, rightholders had to show that the VTR was simply a tool for infringement. If, instead, the VTR was “capable of substantial noninfringing uses,” then Sony was off the hook. The Court held that the VTR fell in the latter category because it was used for private, noncommercial time-shifting, and that time-shifting was a lawful fair use.  The Court even quoted Fred Rogers, who testified that home-taping of children’s programs served an important function for many families.

That rule helped unleash decades of technological innovation. If Sony had lost, Hollywood would have been able to legally veto any tool that could be used for infringing as well as non-infringing purposes. With Congress’ help, it has found ways to effectively do so anyway, such as Section 1201 of the DMCA. Nonetheless, Sony remains a crucial judicial protection for new creativity.

Generative AI may test the enduring strength of that protection. Rightsholders argue that generative AI toolmakers directly infringe when they used copyrighted works as training data. That use is very likely to be found lawful. The more interesting question is whether toolmakers are liable if customers use the tools to generate infringing works. To be clear, the users themselves may well be liable – but they are less likely to have the kind of deep pockets that make litigation worthwhile. Under Sony, however, the key question for the toolmakers will be whether their tools are capable of substantial non-infringing uses. The answer to that question is surely yes, which should preclude most of the copyright claims.

But there’s risk here as well – if any of these cases reach its doors, the Supreme Court could overturn Sony. Hollywood certainly hoped it would do so it when considered the legality of peer-to-peer file-sharing in MGM v Grokster. EFF and many others argued hard for the opposite result. Instead, the Court side-stepped Sony altogether in favor of creating a new form of secondary liability for “inducement.”

The current spate of litigation may end with multiple settlements, or Congress may decide to step in. If not, the Supreme Court (and a lot of lawyers) may get to party like it’s 1975. Let’s hope the justices choose once again to ensure that copyright maximalists don’t get to control our technological future.

Copyright’s reach is already far too broad, and courts have no business expanding it any further, particularly where that reframing will undermine adversarial interoperability. Unfortunately, a federal district court did just that in the latest iteration of Oracle v. Rimini, concluding that software Rimini developed was a “derivative work” because it was intended to interoperate with Oracle's software, even though the update didn’t use any of Oracle’s copyrightable code.

That’s a dangerous precedent. If a work is derivative, it may infringe the copyright in the preexisting work from which it, well, derives. For decades, software developers have relied, correctly, on the settled view that a work is not derivative under copyright law unless it is “substantially similar” to a preexisting work in both ideas and expression. Thanks to that rule, software developers can build innovative new tools that interact with preexisting works, including tools that improve privacy and security, without fear that the companies that hold rights in those preexisting works would have an automatic copyright claim to those innovations.

That’s why EFF, along with a diverse group of stakeholders representing consumers, small businesses, software developers, security researchers, and the independent repair community, filed an amicus brief in the Ninth Circuit Court of Appeals explaining that the district court ruling is not just bad policy, it’s also bad law.  Court after court has confronted the challenging problem of applying copyright to functional software, and until now none have found that the copyright monopoly extends to interoperable software absent substantial similarity. In other words, there is no “software exception” to the definition of derivative works, and the Ninth Circuit should reject any effort to create one.

The district court’s holding relied heavily on an erroneous interpretation of a 1998 case, Micro Star v. FormGen. In that case, the plaintiff, FormGen, published a video game following the adventures of action hero Duke Nukem. The game included a software tool that allowed players themselves to build new levels to the game and share them with others. Micro Star downloaded hundreds of those user-created files and sold them as a collection. When FormGen sued for copyright infringement, Micro Star argued that because the user files didn’t contain art or code from the FormGen game, they were not derivative works.

The Ninth Circuit Court of Appeals ruled against Micro Star, explaining that:

[t]he work that Micro Star infringes is the [Duke Nukem] story itself—a beefy commando type named Duke who wanders around post-Apocalypse Los Angeles, shooting Pig Cops with a gun, lobbing hand grenades, searching for medkits and steroids, using a jetpack to leap over obstacles, blowing up gas tanks, avoiding radioactive slime. A copyright owner holds the right to create sequels and the stories told in the [user files] are surely sequels, telling new (though somewhat repetitive) tales of Duke’s fabulous adventures.

Thus, the user files were “substantially similar” because they functioned as sequels to the video game itself—specifically the story and principal character of the game. If the user files had told a different story, with different characters, they would not be derivative works. For example, a company offering a Lord of the Rings game might include tools allowing a user to create their own character from scratch. If the user used the tool to create a hobbit, that character might be considered a derivative work. A unique character that was simply a 21^st century human in jeans and a t-shirt, not so much.

Still, even confined to its facts, Micro Star stretched the definition of derivative work. By misapplying Micro Star to purely functional works that do not incorporate any protectable expression, however, the district court rewrote the definition altogether. If the court’s analysis were correct, rightsholders would suddenly have a new default veto right in all kinds of works that are intended to “interact and be useable with” their software. Unfortunately, they are all too likely to use that right to threaten add-on innovation, security, and repair.

Defenders of the district court’s approach might argue that interoperable software will often be protected by fair use. As copyrightable software is found in everything from phones to refrigerators, fair use is an essential safeguard for the development of interoperable tools, where those tools might indeed qualify as derivative works. But many developers cannot afford to litigate the question, and they should not have to just because one federal court misread a decades-old case.