Friso van Dijk

You are innocent until proven guilty, or until you decide to go online. The internet used to be a haven of free expression. Now it’s a place where every individual is suspected of being a terrorist or a pirate. Governments are caught up in an arms race of mass surveillance and hardly anyone appears to stop and think about the direction we’re heading in. It’s time to take a critical look at the technology legislation that undermines the core principles of a free society.

Let’s start at the beginning. In the late 1940s, the world was very different. People were dealing with the aftermath of two World Wars and the United Nations was founded to prevent another such conflict. 3 years after its founding, it drafted and accepted the Universal Declaration of Human Rights. In it we find Article 11, which states that “Everyone charged with a penal offence has the right to be presumed innocent until proven guilty.” This principle has since been cemented in many constitutions and international agreements.

It’s 60 years ago this year that Article 11 was accepted by the international community. Can we say that our society has adhered to its principles? I will lay before you the case that, through progressive legislation, the presumption of innocence has become nothing but a discarded ideal in the digital world. As an online citizen, you are guilty by default and any protest is regarded with disdain. This is a timeline of terrible technology legislation.

Everyone’s a pirate and a terrorist

Legislation against criminals operating and communicating in the digital sphere is often poorly constructed. It’s either too vague, because technology has the tendency to rapidly develop, or it’s way too specific. It creates legal monopolies and incriminates innocent citizens. Over time, we see a tendency for harsher punishment of criminals and a broader definition of cybercrime. Let’s take a look at the terrible legislative decisions of The Netherlands, the European Union and the United States of America and see how they hollowed out the core principles of a free society.

Timeline of legislation discussed in this article

[US] 1986 - Computer Fraud and Abuse Act

One of the oldest pieces of legislation against computer criminality is the 1986 Computer Fraud and Abuse Act (CFAA), which came into place before the internet was even a thing. This federal law banned the “unauthorised access” of computers, though originally it’s scope was limited to financial records and the like. Through amendments in 1996, 2001 and 2008 it expanded its scope to “any unauthorised access to any protected computer that retrieves any information of any kind.” The law had become so vague that it was used to sue people who breached the Terms of Service, that endlessly long and boring legal document that comes with all software.

The most tragic of these cases is that of Aaron Swartz. Aaron was a true internet activist. He helped write the code for the Creative Commons license The Creative Commons License is a public copyright license that enables free distribution of copyrighted works. and he was a co-founder of Reddit. In 2010/2011, he downloaded about 4.8 million scientific articles on MIT’s network, with the goal of releasing them to the public. He did that by connecting a laptop to the freely accessible network and leaving it in a closet. The laptop ran a script that downloaded articles automatically, which was against the Terms of Service of the publisher.

The case against Aaron was built on the CFAA, with one of the 13 charges against him being “unauthorised access to a computer,” and breaking and entering on the MIT campus. Unable to deal with the threatened 50 years in prison and $1 million in fines, he committed suicide before his trial.

There’s no justice in following unjust laws — Aaron Swartz

A law such as the CFAA gives the US government the power to act against serious computer criminals, but also the power to exorbitantly punish people for victimless lesser crimes. The problem with Aaron Swartz wasn’t the question of whether or not he had committed a crime, but the potential severity of the punishment. He settled with the publisher, JSTOR, and returned all stolen materials shortly after getting caught. Was threatening and additional 50 years of prison a good strategy in this case? Perhaps a law that makes such disproportional punishment possible is worth revisiting, because an unjust law it is.

[Netherlands] 1991 - Revision of authors’ rights law

For our second law, we take a look at the underlying meaning of the 1991 article 16(c) in the revision of the Dutch author’s right law, the main copyright law in the Netherlands (Dutch). This revision was aimed at the so-called home copy of media. If you bought a CD and wanted to make a copy for personal use or backup, it was now legal to do so.

In exchange the Dutch government imposed a fee on all media carriers which is given to a rightsholders organisation. This organisation then divides the proceeds of this practice under rightsholder organisations. In theory this legalised piracy, as the law didn’t tell you whether or not the source you copied had to be a legal one. In 2014, the European Court of Justice ruled in that copying from illegal sources is considered illegal and that differentiation was created (Dutch).

Given a free society, why should anyone pay the rightsholders twice to backup data? Wouldn’t it be weird to have to pay an extra charge on paper to copy an article you already paid for? The fee was intended to offset the losses from the uninhibited sharing of digital media when it became cheap enough to do so (Dutch). Unfortunately, this meant that everyone had to pay rightsholders a small fee when buying a media carrier.

This created a situation where every consumer is criminalised. By imposing a fee to offset piracy on the whole of society, it rationalises the idea that everyone uses their media carriers to pirate. By this standard, you’re presumed to be guilty of piracy regardless of your intentions.

[US] 1998 - Digital Millennium Copyright Act

The 1998 Digital Millennium Copyright Act (DMCA) was a new law for a new millennium. It was a response to the rightsholders, who were concerned that everyone could freely download and distribute their works. Instead of proper use, the law is abused by rightsholders to stifle legitimate activities and hinder their competition. The Electronic Frontier Foundation (EFF) wrote a devastating report criticising 16 years under the DMCA.

A major complaint involves the DMCA’s takedown procedures. Under its Safe Harbor provisions, service providers, like YouTube and website hosting providers, are protected from legal action if they have a takedown procedure. This starts with a DMCA takedown notice, which informs the service provider of an intrusion on copyright. The service provider must then immediately remove the allegedly infringing work. The content poster, whose piece is now taken offline, will be notified and has the option to counter this claim. When this is done, the rightsholder has 14 days to produce a lawsuit or drop their claim, which means they can take content offline for 14 days without consequences.

And take content offline they do. Taking examples from the EFF’s Takedown Hall of Shame, we learn that Sony filed copyright claims to works of Bach. They filed a DMCA takedown on a video of a musician playing one of the composer’s pieces, for which the musician’s counter claim stated that Bach was dead for 300 years. This claim was rejected by Sony, most likely due to an automated process.

Or take the case where a ten hour long video of static noise was taken down because it contained absolutely random noise. And that’s not diving into the blocking of negative reviews, suppression of research or interference with other legislation. It’s a law that gives publishers good faith, which they show they cannot be trusted with, and harms people’s rights of fair use and free speech. A DMCA takedown notice presumes innocence of the party filing the claim and establishes your guilt by removing your work before you can defend yourself. In this twisted scenario, the burden of proof lies on the defendant and not on the claimant.

When we consider the DMCA, there’s one more item we should take into account. Companies that produce analog video equipment were required to use a specific type of copyright protection in their equipment: Analog Copy Protection (ACP). ACP was a proprietary technique developed by Rovi Corporation. It’s designed to stop users’ attempts to reproduce content through analog cables by distorting the images when the right hardware isn’t in place. By doing so, the legislation created a monopoly for a commercial film in order to protect copyright. In addition to everything else it’s the cherry on top of the cake.

[US] 2001 - PATRIOT Act

The final law in this first part is the scariest one yet: the USA PATRIOT Act. It was drafted in the wake of the 9/11 terror attacks. Hastily passed just 45 days after the terror attacks, the PATRIOT Act shows their intent to fight back against a threat on home soil. Instead of achieving that purpose, they created a law with surveillance capabilities that infringe on human rights and doesn’t help in stopping any terror attacks.

The act included a provision that allowed the FBI to send out National Security Letters (NSL). With these letters, they could obtain someone’s personal information without the approval of a judge. Between 2003 and 2006, the FBI issued 192.499 NSLs. From these, they managed to gather evidence for one terror-related conviction, which would’ve occurred without the abilities gained under the PATRIOT Act as well. This is in addition to earlier reports that the FBI used data gathered through NSLs in 53 criminal cases, none of which on terrorism. These cases came from a total set of 143.074 investigations, which gives us a staggeringly low success rate of 0,037% to detect any criminal activity. Proportion of criminal cases from FBI investigations under the PATRIOT Act

Proportion of criminal cases from FBI investigations under the PATRIOT Act

It is in this same timeframe, under the same legislation, that the NSA started their unbridled data collection, which came to light with the Edward Snowden reveals. Their surveillance went even further than the FBI’s, as they collected bulk data in the hope of distilling useful intelligence from that. This means that they stored metadata records This is data about the call, but not the call itself: who was calling, who was called, the time of calling and its duration. of most calls made in the USA with a foreign party.

Via their PRISM program, the NSA collected emails, Facebook posts and instant messages. The NSA basically stores as much as they can. They claimed to have prevented 54 terror attacks up until 2013, but there’s no evidence of any substantial contribution to those investigations and the number reported is inconsistent as well. For all we know, their contributions could have been as meagre as the FBI’s.

The PATRIOT Act is a terrifying piece of American legislature. Besides from the described impact it has on US citizens, all bets are off regarding NSA surveillance for foreigners. Only US citizens are allowed even remote legal protections. Government surveillance on this scale was unprecedented and, considering the results, disproportional. Especially when we consider the fact that the 9/11 attacks could’ve been prevented with better communication between intelligence agencies, as the data was there.

Collecting everyone’s information under the guise of terrorism means that either everyone is branded a potential terrorist or they are incompetent and have no clue where to start looking. Both options are equally terrifying.

Closing thoughts on Part I

Hindsight is always a comfortable position to criticise from. We know the impact these laws have had and can analyse them in a historical perspective. Still, to be brutally honest: what the hell were they thinking?! Who ever thought that mass surveillance or a priori criminalisation was a good idea? Ignorance and corporate agendas seem to be the prevailing themes in these laws, where acting seems to be preferred to rationalising the decisions made. Citizens and societal values are disregarded, often in favour of corporate interests, and governments make themselves look incompetently evil.

While I heartily disagree with corporate practises online, it always seemed to me that our chosen representatives should look out for the benefit of society. It’s possible to shy away from bad business, but impossible to avoid the entity that makes the laws you have to abide to. The weaker class should be protected in a democracy, not criminalised.

In part II we will take a look at the legislation after the PATRIOT Act and reflect on what the whole means for our society. Did I miss anything? Am I absolutely right or terribly wrong? Let me know what you think in the comments.

Thanks to The Celluloid Android for letting me use their poster in the header image.