Freedom on the Net 2016 - United States

Country:	United States
Year:	2016
Status:	Free
Total Score:	18 (0 = Best, 100 = Worst)
Obstacles to Access:	3 (0 = Best, 25 = Worst)
Limits on Content:	2 (0 = Best, 35 = Worst)
Violations of User Rights:	13 (0 = Best, 40 = Worst)
Population:	321.4 million
Internet Penetration:	75 percent
Social Media/ICT Apps Blocked:	No
Political/Social Content Blocked:	No
Bloggers/ICT Users Arrested:	No
Press Freedom Status:	Free

Key Developments, June 2015-May 2016

• The USA FREEDOM Act passed in June 2015 limited bulk collection of Americans' phone records and established other privacy protections. Nonetheless, mass surveillance targeting foreign citizens continues through programs authorized under Section 702 of the FISA Amendments Act and Executive Order 12333 (see Surveillance, Privacy, and Anonymity).

• Online media outlets and journalists face increased pressure, both financially and politically, that may impact future news coverage (see Media, Diversity, and Content Manipulation).

• Following a terrorist attack in San Bernardino in December 2015, the FBI sought to compel Apple to bypass security protections on the locked iPhone of one of the perpetrators (see Surveillance, Privacy, and Anonymity).

Introduction:

Internet freedom improved slightly as the United States took a significant step toward reining in mass surveillance by the National Security Agency (NSA) with the passage of the USA FREEDOM Act in June 2015.

The law ended the bulk collection of Americans' phone records under Section 215 of the PATRIOT Act, a program detailed in documents leaked by former NSA contractor Edward Snowden in 2013 and ruled illegal by the Second Circuit Court of Appeals in May 2015. Intelligence agencies must now make more specific requests to telecommunications companies to retrieve records. Under the law, a privacy advocate will be included in proceedings in the closed-door FISA court, which approves surveillance requests.

Despite these improvements, privacy advocates continue to call for reforms of Section 702 of the FISA Amendments Act and Executive Order 12333, which have been used to authorize other mass surveillance programs that collect metadata and communications content targeting foreign civilians, and which sweep up and store Americans' information in the process.

The debate over encryption, fueled in part by the NSA revelations in 2013, continued throughout the past year and intensified following a Federal Bureau of Investigation (FBI) investigation into a mass shooting in San Bernardino, California in December 2015. After recovering one of the assailant's passcode-protected iPhones, the FBI obtained a court order that would have compelled Apple to create a software update to disable the passcode and allow access to the phone's contents. Apple refused, and the U.S. Department of Justice dropped the case after the FBI said a third party was able to successfully hack into the phone.^[1]

While freedom of expression is well protected and the online media environment generally represents a range of diverse viewpoints, a few cases of powerful individuals seeking to punish media outlets signaled a worrying trend. Donald Trump, the Republican nominee in the 2016 presidential race, repeatedly prevented journalists – including several from online outlets – from attending press briefings in retribution for their critical coverage of his campaign. In May 2016, news reports said billionaire tech entrepreneur Peter Thiel had financed a lawsuit against Gawker Media with the intention of bankrupting the company, apparently in retaliation for online news reports published by the group that he said invaded his privacy. This set a troubling precedent for targeted litigation as an intimidation tactic and a financial constraint on media freedom.

Following the release of the Open Internet Order that established net neutrality protections in 2015, the Federal Communications Commission (FCC) continued to advance broadband access and protect the open internet. As part of the authorization of Charter Communications' acquisition of Time Warner Cable in May 2016, the FCC required that the company establish new cable lines in areas without access, and provide affordable internet access to at least 525,000 low-income families. In December 2015, Chairman Tom Wheeler said the commission would examine the practice of zero-rating – programs offered by telecommunications companies which allow users unlimited access to content from select providers, while charging for others – to determine whether these programs are in line with the Open Internet Order's net neutrality provisions.

Obstacles to Access:

Access to the internet in the United States is largely unregulated. It is provided and controlled in practice by a small group of private cable television and telephone companies that own and manage the network infrastructure. This model has been questioned by observers who warn that insufficient competition in the ISP market could increase the cost of access, adversely affecting the economy and individuals' participation in civic life, which increasingly occurs online.^[2] In 2016, the FCC began buying TV airwaves to resell to mobile broadband providers in a spectrum auction designed to increase wireless broadband availability and improve data delivery services, as more users rely on mobile phones for internet access.

Availability and Ease of Access

Although the United States is one of the most connected countries in the world, the speed, affordability, and availability of its broadband networks has fallen behind several other developed countries. According to the International Telecommunication Union, internet penetration in the United States reached 74 percent by the end of 2015.^[3] Broadband adoption rates are high, with approximately 80 percent of Americans subscribing to either a home-based or smartphone-based internet service as of 2015, though the percentage of those who only have smartphone-based access is increasing, while home-based access is decreasing.^[4] While the broadband penetration rate is high by global standards, it lags significantly behind countries such as Switzerland, the Netherlands, Denmark, and South Korea.^[5] Moreover, access, cost, and usability remain barriers for many Americans, particularly senior citizens, people who live in rural areas, and low-income households. However, internet access rates for those 65 years of age and older has steadily increased over the past decade, with more 58 percent of individuals in this age bracket using the internet as of 2015, according to recent data from the Pew Research.^[6]

The FCC's annual progress report on broadband adoption issued in January 2016 found that a digital divide between Americans living in rural versus urban areas persists despite some improvements.^[7] Lack of access in rural areas continues to be a barrier, where low population densities make it less appealing for private companies to make large investments in network infrastructure. As a result, 39 percent of rural residents lack access to broadband internet, compared with only 4 percent of urban residents.

In January 2015, citing advances in technology, market offerings, and consumer demand, the Federal Communications Commission (FCC) updated its benchmark speeds for broadband internet service to 25 Megabits per second (Mbps) download and 3 Mbps upload, up from the 2010 standard of 4 Mbps download and 1 Mbps upload. Under the new definition, the FCC found that 10 percent of the population lacks access to broadband service in its January 2016 report, compared to 17 percent in 2015.^[8]

The cost of broadband internet access in the United States continues to be higher than many countries in Europe with similar internet penetration rates. According to a 2014 report, the median cost of broadband access with speeds of 30 Mbps is US$55 in the United States, compared to US$43 in Europe.^[9] For gigabit internet service (speeds of 1,000 Mbps or higher), prices in Tokyo, Seoul, and Hong Kong ranged from US$30-40 per month, compared to $70-110 in cities like Chattanooga and Lafayette, LA that have community broadband networks, and $70 in cities like Kansas City with Google Fiber.^[10] Yet most cities in the United States do not have these options. Cities like Los Angeles, Washington DC, and New York, which had the next highest speeds of 500 Mbps offered through Verizon Fios, cost on average US$299 per month.^[11]

Uptake rates for internet-enabled mobile devices have increased dramatically throughout the United States in recent years. In 2015, 92 percent of adults reported that they own a mobile phone, and 68 percent of adults own a smartphone.^[12] A growing number of people use their cell phones to view streaming video services offered by companies such as Netflix or Hulu (33 percent of smartphone owners in 2015, compared to 15 percent in 2012).^[13] Pew Research reported in early 2015 that young adults, minorities, and those with lower household incomes are more likely to be "smartphone-dependent," with limited options for internet access other than their phones.^[14]

Restrictions on Connectivity

Internet users in the United States face few government-imposed restrictions on their ability to access content online. The backbone infrastructure is owned and maintained by private telecom companies, including AT&T and Verizon. In contrast to countries with only a few connections to the backbone internet infrastructure, the United States has numerous connection points, which would make it nearly impossible to disconnect the entire country from the internet.

At the same time, law enforcement agencies in the United States are known to have and occasionally wield the power to inhibit wireless internet connectivity in emergency situations. The federal government has a secret protocol for shutting down wireless internet connectivity in response to particular events, some details of which recently came to light following a lawsuit brought under the Freedom of Information Act.^[15] The protocol, known as Standard Operating Procedure (SOP) 303, established in 2006 on the heels of a 2005 cellular-activated subway bombing in London, codifies the "shutdown and restoration process for use by commercial and private wireless networks during national crisis." However, what constitutes a "national crisis," and what safeguards exist against abuse remain largely unknown, as the full SOP 303 documentation has never been released to the public.^[16]

State and local law enforcement also have tools to jam wireless internet. In 2011, San Francisco public-transit provider Bay Area Rapid Transit (BART) interrupted wireless service on its platforms to disrupt protests sparked by the police shooting of a homeless man named Charles Hill.^[17] In December 2014, the FCC issued an Enforcement Advisory clarifying that it is illegal to jam cell phone networks without a federal authorization, even for state and local law enforcement agencies.^[18]

ICT Market

There are few obstacles that prevent the existence of diverse business entities providing access to digital technologies in the United States, which is home to a thriving startup community of innovators and entrepreneurs that has produced many low-cost, globally successful online platforms and tools.

While there are many broadband service providers operating in the United States, the industry has trended toward consolidation. As of 2015, five dominant providers – Comcast, AT&T, Time Warner Cable, Verizon, and CenturyLink – owned the majority of network cables and other infrastructure, serving a combined 65 million customers and controlling 70 percent of the market for 4 Mbps service.^[19] For customers subscribing to service that meets the new 25 Mbps benchmark for broadband, the market is even less competitive, with a single provider – Comcast – controlling over 50 percent of the market.^[20]

Further consolidation of the telecom sector threatens to limit consumer choice of ICT services. On May 6, 2016, the FCC announced that it had voted to approve Charter Communications Inc.'s acquisition of Time Warner Cable and Bright House Networks, which was subsequently approved by the California Public Utilities Commission.^[21] The deal would result in two companies – Charter Communications and Comcast – controlling an estimated 70 percent of the market for broadband access, raising concerns about increased market consolidation.^[22] At the same time, the FCC included provisions within the deal that require Charter Communications to expand broadband availability in an effort to close the digital divide, including establishing new cable lines in areas of California without access, and providing affordable internet access to at least 525,000 low-income families.^[23] Other conditions prohibit the companies from taking steps that would privilege cable services over online video competitors, such as imposing data caps on online content that would discourage subscribers from streaming video.^[24] In 2015, regulators at the FCC and the Department of Justice blocked a proposed merger between Time Warner Cable and Comcast, citing concerns about Comcast's ability to interfere with over-the-top services (such as Netflix), as well as increased market concentration.

In 2005, the FCC embraced an aggressive deregulation agenda that freed network owners from a longstanding obligation to lease their lines to competing providers. Deregulation proponents claimed that this step would give large cable and telephone companies incentive to expand and upgrade their networks, while opponents worried that the move would lead to higher prices, fewer options for consumers, and worse service. Although average broadband speeds have increased over the past decade, the majority of American households have access to only one broadband provider that offers download speeds of at least 25 Mbps.^[25]

Americans increasingly access the internet via mobile technologies, as wireless carriers deploy advanced Long-Term Evolution (LTE) networks. Following a decade of consolidation, the U.S. wireless market is dominated by four national carriers – AT&T, Verizon, Sprint, and T-Mobile – which accounted for 98 percent of the market share by the end of 2014. The combined revenue of AT&T and Verizon Wireless alone accounted for 71 percent of the market.^[26] The U.S. government has looked unfavorably on further consolidation of mobile networks. Regulators blocked AT&T's proposed merger with T-Mobile in 2011, and separately signaled that they would block a rumored merger between Sprint and T-Mobile in 2014.^[27] Moreover, the government has promoted mobile broadband through a series of spectrum auctions. In March 2016, the FCC began the process of buying back airwaves set aside for TV broadcasters to increase the available spectrum for wireless broadband, as outlined in the government's 2012 National Broadband Plan, which set a goal of establishing universal broadband by 2020.^[28]

In January 2015, President Barack Obama announced an initiative to encourage the development of community-based broadband services and asked the FCC to remove barriers to local investment.^[29] One month later, the FCC "preempted," or overturned, state laws in Tennessee and North Carolina that restrict local broadband services, arguing that such laws create barriers to broadband deployment.^[30] In August 2016, a federal court ruled that the FCC does not have the authority to preempt these state laws,^[31] which are also on the books in many other states. The ruling threatens to limit affordable broadband options for small remote communities.

Regulatory Bodies

No single agency governs the internet in the United States. The Federal Communications Commission (FCC), an independent agency, is charged with regulating radio and television broadcasting, interstate communications, and international telecommunications that originate or terminate in the United States. The FCC has jurisdiction over a number of internet-related issues, especially since February 2015, when it issued a decision to legally classify broadband as a telecommunications service under the Communications Act. Other government agencies, such as the Commerce Department's National Telecommunications and Information Administration (NTIA), also play advisory or executive roles with respect to telecommunications, economic and technological policies, and regulations. It is the role of Congress to create laws that govern the internet and delegate regulatory authority. Government agencies such as the FCC and the NTIA must act within the bounds of congressional legislation.

Limits on Content:

Access to information on the internet is generally free from government interference in the United States. There is no government-run filtering mechanism affecting content passing over the internet or mobile phone networks. Users with opposing viewpoints engage in vibrant online political discourse and face almost no legal or technical restrictions on their expressive activities online. However, politicians and businessmen raised concerns about press freedom by openly articulating their intentions to silence media outlets they believed to be opposing them, including many that operate online. Additionally, revelations about the extent of government surveillance of online communications and aggressive investigations into journalists in whistleblower cases have led some to reports of increased self-censorship online.

Blocking and Filtering

In general, the U.S. government does not block or filter online content. Some states require publicly funded schools to install filtering software on their computers to block obscene, illegal, or harmful content.^[32] The Children's Internet Protection Act of 2000 (CIPA) requires public libraries that receive certain federal government subsidies to install filtering software that prevents users from accessing child pornography or visuals that are considered obscene or harmful to minors. Libraries that do not receive the specified subsidies from the federal government are not obliged to comply with CIPA, but more public libraries are seeking federal aid in order to mitigate budget shortfalls.^[33] Under the U.S. Supreme Court's interpretation of the law, adult users can request that the filtering be removed without having to provide a justification. However, not all libraries allow this option, arguing that decisions about filtering should be left to the discretion of individual libraries.^[34]

The rise of the Islamic State has sparked intense debate about the appropriate role of social media companies in combating the use of mainstream social media as a tool used by terrorist organizations for recruitment and communication. Some government officials have proclaimed that social media companies are being exploited by terror organizations, and that the companies have an active responsibility to block or remove terror-related content.^[35] Various companies maintain internal trust and safety policies with regard to hate speech and extremist groups, and in July 2015, the Senate Intelligence Committee approved legislation in a closed hearing that would require "electronic communication service providers" to report suspected terrorist content to federal authorities.^[36]

Content Removal

The government does not censor any particular political or social viewpoints, although legal rules do restrict certain types of content on the internet. Illegal online content, including child pornography and content that infringes on copyright, is subject to removal through a court order or similar legal process if it is hosted within the United States. Aside from these examples, government pressure on ISPs or content hosts to remove content is not a widespread issue. Social media companies and other content providers may remove content that violates their terms and conditions.

Content removal by private companies was brought into the spotlight in August 2016 (outside the coverage period of this report) when Facebook complied with a request from Baltimore police to temporarily disable Facebook and Instagram accounts operated by 23-year-old Korryn Gaines. Gaines was using her Facebook account to broadcast live as she used a shotgun to resist police attempting to serve her with an arrest warrant stemming from traffic violations. Later during the same encounter she was shot and killed, and her five-year-old son wounded.^[37] Facebook subsequently restored her account, but restricted two videos it said violated its terms of service. Critics of the measure said the videos could have revealed more information about the circumstances of Gaines' death.^[38] Smartphone videos of law enforcement shootings of African American citizens have drawn national media attention to cases that might otherwise be underreported and can support criminal charges against police officers if they provide evidence of misconduct.^[39] Individuals who have filmed shooting incidents routinely report harassment by police (see Prosecutions and Detentions for Online Activity and Intimidation and Violence).

One of the most important protections for online free expression in the United States is Section 230 of the Communications Decency Act of 1934 (CDA 230), amended by the Telecommunications Act of 1996, which generally shields online sites and services from legal liability for the activities of their users, allowing rich user-generated content to flourish on a variety of platforms.^[40] However, public concern over intellectual property violations, child pornography, protection of minors from harmful or indecent content, harassing or defamatory comments, publication of commercial trade secrets, gambling, and financial crime have presented a strong impetus for aggressive legislative and executive action, and some have threatened to undermine the broad protections of CDA 230.

Congress has passed several laws designed to restrict adult pornography and shield children from harmful or indecent content online, such as the Child Online Protection Act of 1998 (COPA), but these laws have been overturned by courts due to their ambiguity and potential infringements on the First Amendment of the U.S. Constitution, which protects freedom of speech and the press. Advertisement, production, distribution, and possession of child pornography – on the internet and in all other media – is prohibited under federal law and can carry a sentence of up to 30 years in prison. According to the Child Protection and Obscenity Enforcement Act of 1988, producers of sexually explicit material must keep records proving that their models and actors are over 18 years old. In addition to prosecuting individual offenders, the Department of Justice, the Department of Homeland Security, and other law enforcement agencies have asserted their authority to seize the domain name of a website allegedly hosting child abuse images after obtaining a court order.^[41]

In 2015, Congress introduced a law known as the SAVE Act, which would help protect against sex trafficking of children by making it a serious criminal offense to publish advertisements related to sex trafficking or to benefit from such advertising.^[42] Civil society groups argued that the law's harsh penalties would chip away at CDA 230 protections, chill a robust advertising ecosystem that is generally content neutral, and encourage online websites and services to self-censor.^[43] On May 29, 2015, the SAVE Act became law after it was added to S. 178 Justice for Victims of Trafficking Act of 2015.^[44] The final text of the legislation was changed to make it illegal to knowingly advertise content related to sex trafficking, a higher requirement than an earlier draft that would have established liability for "knowledge of" or "active disregard for the likelihood of" hosting such content.^[45] At the same time, the law still establishes federal criminal liability for third-party content, which could lead to companies choosing to over-censor rather than face criminal penalties, or to limit the practice of monitoring content altogether so as to avoid "knowledge" of illegal content.^[46]

The government has pursued alleged infringements of intellectual property rights on the internet more aggressively in recent years. Since 2010, the Immigration and Customs Enforcement (ICE) division of the Department of Homeland Security has engaged in several rounds of domain-name seizures, with targets including blogs and file-sharing sites that allegedly link to illegal copies of music and films, as well as sites that sell counterfeit goods.^[47] These seizures have been criticized as overly secretive and lacking in due process. Nevertheless, ICE continues to pursue the project, known as "Operation In Our Sights."^[48] In November 2015, ICE partnered with law enforcement agencies from 27 countries to seize 37,479 websites selling counterfeit merchandise.^[49]

In 2014, the International Trade Commission (ITC), a trade agency that can block the importation of goods that infringe intellectual property, declared that it had the authority to block the cross-border transmission of data violating a U.S. patent.^[50] Civil society groups and academics urged the ITC to reconsider, cautioning that the "decision has enormous ramifications, opening the door to internet content blocking efforts rejected by Congress and the public."^[51] In a positive step, the Federal Circuit Court of Appeals issued a decision on November 10, 2015 stating that the ITC does not have jurisdiction over electronically imported data.^[52]

For copyright infringement claims, the removal of online content is dictated by the safe harbor provisions created in Section 512 of the Digital Millennium Copyright Act (DMCA).^[53] Operating through a "notice-and-takedown" mechanism, internet companies are shielded from liability if they remove infringing content upon receipt of a DMCA notice. However, because companies have the incentive to err on the side of caution and remove any hosted content subject to a DMCA notice, there have been occasions where overly broad or fraudulent DMCA claims have resulted in the removal of content that would otherwise be excused under free expression, fair-use, or educational provisions.^[54] In some cases, the immediate removal of content through DMCA requests has been used to target political campaign advertisements, since they are unlikely to be challenged in court after the campaign ends and achieve the goal of making the content unavailable during the campaign season.^[55]

Major internet companies, including Google, Twitter, Facebook, and Yahoo, publish information about removal requests from governments based on local laws. In its most recent report, Twitter reported receiving three court orders and ninety-eight U.S. government or law enforcement requests to remove or withhold content between July and December of 2015, but did not comply.^[56] Yahoo reported receiving three U.S. government removal requests during the same period, and complied with one of them.^[57] Google reported receiving 286 U.S. government requests to remove content from its platforms from January to July 2015, and complied fully or partially in 86 percent of instances.^[58]

In February 2016, the United States signed the Trans-Pacific Partnership (TPP) trade agreement with 11 other participating countries following years of secret negotiations that critics said lacked consultation from civil society and other stakeholders.^[59] The agreement primarily governs free trade between nations. The text of the TPP agreement, made public in November 2015, included provisions that would extend portions of U.S. copyright terms internationally. Observers noted this would make it more difficult for legislators to reform those laws.^[60]

Media, Diversity, and Content Manipulation

The online environment in the United States is vibrant, diverse, and generally free of economic or political constraints. Anyone can start a blog, forum, or social media site to discuss opinions and share news and information. The FCC's decision to protect net neutrality regulations prohibits ISPs from throttling, blocking, or otherwise discriminating against internet traffic based on its content. In addition, over the past year the FCC has questioned whether zero-rating practices by mobile providers violates these net neutrality protections.

At the same time, an increasingly partisan media environment has negatively impacted several online media outlets. Donald Trump, the Republican Party candidate in the 2016 presidential race, refused to issue press credentials for several media outlets whose coverage he deemed unfavorable in late 2015 and early 2016. Reporters from the online media outlets Buzzfeed, Politico, Huffington Post , and the Daily Beast , as well as from the broadcast and traditional media like the Washington Post , Univision, and the Des Moines Register , were periodically prevented from attending Trump campaign press events and rallies.^[61] These restrictions – and the threat of being banned or blacklisted for unfavorable coverage – risked inhibiting objective reporting on his candidacy.^[62]

Another case also indicated the potential for powerful individuals to use personal resources to punish adversarial reporting. In May 2016, news reports revealed that Silicon Valley entrepreneur and venture capitalist Peter Thiel was financing a lawsuit against Gawker Media with the intention of bankrupting the group. The suit involved its flagship website Gawker publishing part of a sex tape involving the retired wrestling celebrity Hulk Hogan (whose real name is Terry G. Bollea).^[63] Bollea sued Gawker Media for invasion of privacy, and his lawsuit was backed by more than $10 million from Peter Thiel. Thiel contends that Gawker frequently published "damaging" content that targets individuals where "there was no connection with the public interest."^[64] Thiel himself had been the subject of commentary by Gawker Media, including an article 2007 that outed Thiel as gay.^[65] In June 2016, Gawker Media filed for Chapter 11 bankruptcy protection after a Florida jury found the company liable for $140 million in damages.^[66] While the group was known for publishing gossip and sensationalist reporting, it also published independent investigative reports, such as one into the online drug trade.^[67] Some lawyers argued that the ability of a powerful businessman to fund a personal vendetta against an online media outlet could have worrying repercussions for press freedom, discouraging journalists from investigating individuals with wealth and connections. Thiel also supported Donald Trump, who has called for changing U.S. libel laws to make it easier to sue the media.^[68]

Reports of self-censorship among journalists, lawyers, and everyday internet users persist, due to the extensive government surveillance of online communication and activities revealed over the past few years. Although the U.S. Constitution includes core protections for freedom of the press, the U.S. government does bring some enforcement actions against whistleblowers and journalists. The then-Attorney General said in 2013 that the government would not prosecute Glenn Greenwald, the journalist who first published documents leaked by Edward Snowden, or "any journalist who's engaged in true journalistic activities,"^[69] but investigations and prosecutions of several other whistleblowers and journalists continue. In 2016, a grand jury investigation into whistleblower website Wikileaks was ongoing. In 2015, news reports said the government had issued warrants to Google to access at least three journalists' Google email accounts and metadata in 2012, and barred the company from notifying the targets.^[70] Reporters from several major media outlets have had their communications collected in pursuit of other whistleblower investigations.

Journalists report that their ability to investigate and publish freely has been chilled in recent years due to government pressure and threats to the security of their digital communications. Several recent studies have concluded that the aggressiveness with which the Department of Justice investigates leaks – as well as pervasive government surveillance programs such as those disclosed by Edward Snowden – causes journalists and writers to self-censor and raises concerns about whether they are able to protect the confidentiality of their sources.^[71]

Writers responding to a survey by the free expression and literature advocacy group PEN America reported increased self-censorship following the NSA surveillance revelations, according to results published in January 2015. Of 520 respondents, 42 percent reported having altered or avoided social media activities, 31 percent reported deliberately avoiding certain topics in phone or email conversations, and 34 percent reported avoiding writing or speaking about a particular topic.^[72] Separately, Human Rights Watch and the American Civil Liberties Union surveyed journalists and lawyers in 2014 about the impact of the revelations on their ability to communicate with sources and clients confidentially. Journalists reported that government officials are significantly less likely to accept interviews due to concerns about anonymity and the ability of the intelligence agencies to access their communications information. Lawyers also reported facing increasing pressure to conceal or secure their communications with clients, particularly in cases with foreign governments or prosecutions that might spark an intelligence inquiry.^[73]

Ordinary American citizens have also changed their behavior in response to extensive government surveillance. A study published in Journalism & Mass Communication Quarterly in February 2016 found that priming participants with subtle reminders about mass surveillance had a chilling effect on individuals' willingness to publicly express minority opinions online.^[74] A March 2015 study by the Pew Research Center on Americans' privacy strategies post-Snowden noted that 30 percent of people surveyed had altered their behavior, including changing privacy settings, being more selective about applications they use, or communicating in person instead of online or over the phone.^[75]

Diversity of content online is ensured in part through the protection of network neutrality – a foundational principle of the internet that prohibits network operators from giving preferential treatment to favored content or from blocking disfavored content. In February 2015, the FCC approved a new Open Internet Order that many legal experts believe is based on stronger legal authority than an earlier version of the order issued in 2010,^[76] which was later vacated by the courts.^[77] The order prohibits blocking and unreasonable discrimination on both fixed and wireless networks, reflecting the growing importance of mobile broadband in the United States. As with the 2010 order, several broadband companies and their trade associations filed a lawsuit against the FCC to overturn the rules.^[78] On June 14, 2016, the federal appeals court in Washington DC upheld the FCC's authority to issue the Open Internet Order, further solidifying the principle of net neutrality.^[79]

In December 2015, the FCC sent letters to Comcast, AT&T, and T-Mobile requesting information about their zero-rating services, which allow unlimited streaming of video content from some services but not from others.^[80] FCC Chairman Tom Wheeler stated that the letters were not part of an official investigation, instead emphasizing that he wanted to make sure these practices are compatible with the goal of maintaining a free and open internet. More than 50 advocacy groups signed a letter to Chairman Wheeler arguing that zero-rating practices violate net neutrality and the spirit of the Open Internet Order, though it does not explicitly prohibit them.^[81] As of June 2016, the FCC had not taken any further steps toward formally investigating the zero-rating services.

Digital Activism

Political activity in the United States is increasingly moving online. According to a 2014 survey by the Pew Research Center, between the 2010 and 2014 midterm elections, the proportion of Americans using social media to follow politicians more than doubled, from 6 percent to 16 percent.^[82] In 2013, another Pew survey found that 34 percent of American adults used online methods to contact a government official or to speak out in a public forum; 39 percent had participated in political activity using a social networking site like Facebook or Twitter in the prior year; and 21 percent of email users reported regularly receiving calls to action on social or political issues by email.^[83] In addition, political candidates and elected officials increasingly use email, mobile apps, and online content to garner support and keep their constituents engaged. Researchers have come to a general consensus that internet use is now deeply linked to political participation and citizenship.^[84]

An unprecedented number of Americans used online tools to mobilize in support of the open to advance the FCC's passage of a historic network neutrality order in February 2015. Nearly 4 million Americans contacted the FCC about its proposed net neutrality rules – a record-breaking number that far exceeded the number of comments the agency had received on any topic in its history.^[85] The FCC's website crashed several times as a result of the influx of public comments, notably after comedian John Oliver urged Americans to contact the agency in a televised rant that went viral on social media.^[86] A broad coalition of grassroots organizations, advocacy groups, and technology companies used online tools to mobilize supporters and pressure the FCC and elected officials. In September 2014, members of this coalition staged an "Internet Slowdown Day" in which dozens of high-profile websites displayed a spinning wheel to indicate what the internet could look like in a world without net neutrality protections.^[87] When the FCC approved the strongest network neutrality rules in its history in February 2015, policymakers credited the millions of Americans who spoke out in online forums.^[88]

Violations of User Rights:

The United States has a robust legal framework that supports freedom of expression both online and offline, and the government does not typically prosecute individuals for online speech or activities unless a crime is committed. The broader picture of user rights in America, however, has become increasingly complex as a series of U.S. government practices, policies, and laws touch on, and in some cases appear to violate, the rights of individuals both inside the United States and abroad. Government surveillance is a major concern, especially following revelations about NSA practices, although several of these programs were reformed following the passage of the USA FREEDOM Act in June 2015. Aggressive prosecution under the Computer Fraud and Abuse Act (CFAA) has also been criticized. In addition, the privacy of NGOs, companies, government agencies and individual users is threatened by a growing number of cyberattacks initiated by both domestic and international actors.

Legal Environment

The First Amendment of the U.S. Constitution includes protections for free speech and freedom of the press, and in 1997 the US Supreme Court reaffirmed that online speech has the highest level of constitutional protection.^[89] Lower courts have consistently struck down attempts to regulate online content.

Nonetheless, aggressive prosecution under the Computer Fraud and Abuse Act (CFAA) has fueled growing criticism of the law's scope and application. Under CFAA, it is illegal to access a computer without authorization, but the law fails to define the term "without authorization," leaving the provision open to interpretation in the courts.^[90] In one prominent case from 2011, programmer and internet activist Aaron Swartz secretly used Massachusetts Institute of Technology servers to download millions of files from JSTOR, a service providing academic articles. Prosecutors sought harsh penalties for Swartz under CFAA, which could have resulted in up to 35 years imprisonment.^[91] Swartz committed suicide in 2013 before he could be tried. After his death, a bipartisan group of lawmakers introduced "Aaron's Law," draft legislation that would prevent the government from using CFAA to prosecute terms of service violations and stop prosecutors from bringing multiple redundant charges for a single crime.^[92] The bill was reintroduced in 2015,^[93] but in mid-2016 had not garnered enough support to move forward.

Companies are shielded from liability for the activities of their users by Section 230 of the Communications Decency Act (see Content Removal). The Digital Millennium Copyright Act (DMCA) of 1998 provides a safe harbor to intermediaries that take down allegedly infringing material after notice from the copyright owner.^[94] A number of U.S. laws also protect speech from harmful corporate actions, including corporate surveillance that may lead users to self-censor, and failure of private actors to sufficiently protect internet users' personal information from unauthorized access (see Surveillance, Privacy, and Anonymity).

There are no legal restrictions on user anonymity on the internet, and constitutional precedents protect the right to anonymous speech in many contexts. There are also state laws that stipulate journalists' right to withhold the identities of anonymous sources, and at least one such law has been found to apply to bloggers.^[95] The legal framework for government surveillance, however, has been open to abuse. In June 2015, President Obama signed the USA FREEDOM Act into law in June 2015, introducing some restrictions on the way the NSA can access information about American citizens from their phone records. Other laws used to authorize surveillance have yet to be reformed (see Surveillance, Privacy, and Anonymity).

During the coverage period of this report, the Senate passed a version of the Cybersecurity Information Sharing Act (CISA) bill to promote information sharing about security threats between private companies and federal agencies (see Technical Attacks).^[96]

Prosecutions and Detentions for Online Activities

Prosecutions or detentions for online activities, particularly for online speech, are relatively infrequent given broad protections under the First Amendment. However, there have been prosecutions related to threats posted on social media, arrests related to filming police interactions, and problematic prosecutions under the Computer Fraud and Abuse Act.

On June 1, 2015, the Supreme Court overturned the conviction of a man who posted violent threats on Facebook, marking its first ruling on a free speech case involving social media.^[97] Anthony Elonis had been sentenced for threatening another person over state lines based on Facebook posts directed at his estranged wife. The Supreme Court ruled that prosecutors had not done enough to prove that his intent at the time he made the statements was to issue a threat.^[98] Analysts said the court's decision gave little guidance to judges and lawyers in future cases and did not weigh in on the First Amendment implications of the case, deciding instead only on the criminal law principle of intent.^[99]

Police periodically detain individuals who upload images or broadcast live video of police activity with their phones, posing a threat to First Amendment protections.^[100] Most of the arrests have been made on unrelated charges, such as obstruction or resisting arrest, since openly filming police activity is a protected right. Several citizen journalists were arrested or reported police intimidation while attempting to record police activity with smartphones in 2014 and 2015 during protests in the aftermath of the police killings of Eric Garner, Freddie Gray, and Michael Brown in New York, Baltimore, and Ferguson, Missouri respectively. During protests in Ferguson, at least 21 journalists were arrested, including reporters for the Huffington Post and the Washington Post ;^[101] and Antonio French, a city alderman in St. Louis, was detained by the police while covering police activity on Twitter, Vine, and Instagram. In July 2016, outside the coverage period of this report, police briefly detained or harassed individuals who shared footage online of the fatal shootings by police of Alton Sterling in Baton Rouge, Louisiana and Philando Castile in St. Anthony, Minnesota (see Intimidation and Violence).^[102]

During the reporting period, the government used the Computer Fraud and Abuse Act to prosecute Matthew Keys, a former Tribune Company journalist and social media editor who had given log-in credentials to the hacking group Anonymous. The hackers used the information to change the headline of a story on the Los Angeles Times website. Charged with a felony and facing a maximum penalty of 25 years in prison, Keys was convicted in October 2015 and sentenced to two years' imprisonment on April 13, 2016.^[103] Some critics of CFAA argued that Keys' sentencing was overly harsh, and that many of his crimes could be charged as misdemeanors.^[104]

Many states also have their own laws related to computer hacking or unauthorized access. Several smaller cases in the past few years highlight the shortcomings and lack of proportionality of these laws. In December 2014, 21-year-old Georgia Institute of Technology student Ryan Gregory Pickren was arrested on felony computer trespass charges after hacking into the rival University of Georgia's online calendar as part of a prank leading up to a football game between the two schools. According to Georgia state law, a person convicted for computer trespass – defined as "alter[ing], damag[ing] or in any way caus[ing] the malfunction of a computer, computer network, or computer program regardless of how long it occurs" – faces a maximum penalty of 15 years in prison and a $50,000 fine.^[105] Pickren was ultimately accepted into a pretrial intervention program in lieu of prosecution. In a separate case in early 2015, Florida authorities arrested 14-year-old Domanik Green on felony cybercrime charges after the boy used a teacher's administrative password to log onto a school computer and change its desktop background.^[106]

Surveillance, Privacy, and Anonymity

The passage of the Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2015 (USA FREEDOM Act) in June 2015 marked the most significant reform to U.S. surveillance practices in recent decades. Despite this reform, however, a number of problematic provisions within U.S. law revealed during the 2013 NSA leaks remain in effect.

Under a set of complex statutes, U.S. law enforcement and intelligence agencies can monitor communications content and communications records, or metadata, under varying degrees of oversight as part of criminal or national security investigations. (Metadata can reveal where and when communications took place, among other details.) The government may request companies store such data for up to 180 days under the Stored Communications Act, but how they otherwise collect and store communications content and records varies by company.^[107]

Law enforcement access to metadata generally requires a subpoena issued by a prosecutor or investigator without judicial approval;^[108] a warrant is only required in California under the California Electronic Communications Privacy Act, which went into effect on January 1, 2016.^[109] In criminal probes, law enforcement authorities can monitor the content of internet communications in real time only if they have obtained an order issued by a judge, under a standard that is actually a little higher than the one established by the constitution for searches of physical places. The order must reflect a finding that there is probable cause to believe that a crime has been, is being, or is about to be committed.

The status of stored communications is more uncertain. One federal appeals court has ruled that the Constitution applies to stored communications, so that a judicial warrant is required for government access.^[110] However, the 1986 Electronic Communications Privacy Act (ECPA) states that the government can obtain access to email or other documents stored in the cloud with a subpoena.^[111] Bills to update ECPA have had significant support, including from the White House. In April 2016, the House of Representatives passed the Email Privacy Act, which would require the government to obtain a probable cause warrant before accessing email or other private communications stored with cloud service providers.^[112] As of May 2016, it was awaiting review in the Senate.^[113]

The USA PATRIOT Act, passed following the terrorist attacks of September 11, 2001, expanded government surveillance and investigative powers in terrorism and criminal investigations, permitting intelligence agencies secret access to a wide range of private business records "relevant" to terrorism investigations under Section 215 with authorization from the Foreign Intelligence Surveillance Court (FISA Court), a closed court established under the FISA Act in 1978 to approve government surveillance requests. Other provisions of the PATRIOT Act granted broad authority to conduct roving wiretaps of unidentified or "John Doe" targets, and to wiretap "lone wolf" suspects who have no known connections to terrorist networks. These expiring provisions were renewed for four years in May 2011.^[114]

In June 2013, news outlets revealed a series of secret documents leaked by former NSA contractor Edward Snowden which provided new information about governmentsurveillance activities,^[115] including bulk collection of phone records based on the PATRIOT Act. According to the documents, the FISA court had interpreted Section 215 as grounds to order telecommunications companies to provide the NSA with records of all phone calls made to, from, and within the country on an ongoing basis.^[116] NSA analysts conducted broad queries on this data without oversight.^[117] In May 2015, the Second Circuit Court of Appeals ruled that the NSA's bulk collection program under PATRIOT ACT Section 215 was illegal. The court did not comment on the constitutional questions raised by bulk collection.^[118]

On June 2, 2015, President Obama signed the USA FREEDOM Act into law. The Act extended the expiring provisions of the PATRIOT Act, including the roving wiretaps of John Doe targets and lone wolf surveillance authority, but significantly reformed Section 215.^[119] The law replaced the bulk collection program with a system that allows the NSA to access records held by phone companies with an order from the FISA court.^[120] Requests for that access require the use of a "specific selection term" (SST) representing an "individual, account, or personal device,"^[121] which is intended to prohibit broad applications for records based on zip code or other indicators, and can only be extended or renewed in certain circumstances.^[122] The SST provision also applies when intelligence agents use FISA pen registers and trap and trace devices, instruments that will capture a phone's outgoing or incoming records, and to national security letters, secret subpoenas to request call records issued by the FBI.^[123]

The USA FREEDOM Act also required that the FISA court appoint an amicus curiae , an individual (or several) qualified to provide legal arguments that "advance the protection of individual privacy and civil liberties."^[124] During the coverage period of this report, the court designated six individuals eligible to serve as an amicus curiae, five in November 2015, and a sixth on March 31, 2016.^[125] Despite these significant improvements, several privacy protections that had been included in previous versions of the bill were removed from the final text, such as revisions to Section 702 of the FISA Act (see below) that aimed to limit incidental collection or "reverse targeting" of U.S. citizens' data.^[126]

Other surveillance programs revealed by the NSA leaks were authorized under laws which, though partially reformed since they were exposed in 2013, still contain scope for surveillance that lacks oversight, specificity, and transparency.

• Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 : Section 702 was used to authorize PRISM and "Upstream" collection, the controversial programs under which the NSA reportedly collects users' communications data – including the content – directly from U.S. tech companies and through the physical infrastructure of undersea cables.^[127] Section 702 only authorizes the collection of information about foreign citizens, yet the content of Americans' communications is also collected and stored in a searchable database.^[128] The USA FREEDOM Act made no changes to this practice or to the NSA's access to the communications content collected. It limits the use of information about U.S. citizens in court or in other government proceedings if the NSA did not follow existing procedures to minimize the likelihood of collecting that information. The FISA court will determine whether or not those procedures were followed.^[129] The FISA Amendments Act is set to expire in December 2017, offering an opportunity for reform.^[130]

• Executive Order 12333 : Originally issued in 1981, Executive Order 12333 outlines how and when the NSA or other agencies may conduct surveillance on U.S. citizens and other individuals within the United States,^[131] authorizing the collection of U.S. citizens' metadata and the content of communications if that data is collected "incidentally."^[132] The extent of current NSA practices authorized under EO12333 is unclear, but documents from the NSA leaks suggest that EO12333 was used to authorize the so-called "MYSTIC" program, which was reportedly used to capture all of the incoming and outgoing phone calls of one or more target countries on a rolling basis. The Intercept identified the Bahamas, Mexico, Kenya, and the Philippines as targets in 2014.^[133] In December 2014, Congress passed a law that included a requirement that the NSA develop "procedures for the retention of incidentally acquired communications" collected pursuant to Executive Order 12333, and that such communications may not be retained for more than five years except when subject to certain broad exceptions.^[134] In January 2015, the president updated a 2014 policy directive that put in place important new restrictions relevant to EO12333 on the use of information collected in bulk for foreign intelligence purposes.^[135] Civil society groups continue to campaign for its complete reform.^[136]

The USA FREEDOM Act also changed the way private companies publicly report on government requests they receive for user information. The U.S. Department of Justice (DOJ) limits the disclosure of information about national security letters, including in the transparency reports voluntarily published by some internet companies and service providers.^[137] In 2014, the DOJ reached a settlement with Facebook, Google, LinkedIn, Microsoft, and Yahoo that would permit the companies to disclose the number of government requests they receive, but only in aggregated bands of 0-249 or 0-999.^[138] Twitter, not a party to the settlement, filed suit against the DOJ in October 2014 on grounds that the rules amount to an unconstitutional prior restraint that violates the company's First Amendment rights.^[139] In May 2016, a judge partially dismissed Twitter's case but gave them the opportunity to refile.^[140] The USA FREEDOM Act allows companies the option of more granular reporting, though reports containing more detail are still subject to time delays and their frequency is limited.^[141]

User data is otherwise protected under Section 5 of the Federal Trade Commission Act (FTCA), which has been interpreted to prohibit entities operating over the internet from deceiving users about what personal information is being collected and how it is being used, as well as from using personal information in ways that harm users without offering countervailing benefits. In addition, the FTCA has been interpreted to require entities that collect users' personal information to adopt reasonable security measures to safeguard it from unauthorized access. State-level laws in 47 U.S. states and the District of Columbia also require entities that collect personal information to notify consumers – and, usually, consumer protection agencies – when they suffer a security breach leading to unauthorized access of personal information. Section 222 of the Telecommunications Act prohibits telecommunications carriers from sharing or using information about their customers' use of the service for other purposes without customer consent. This provision has historically only applied to phone companies' records about phone customers, but following the FCC's net neutrality order, it now also applies to ISPs' records about broadband customers.^[142]

While there are no legal restrictions on anonymous communication online, some social media platforms require users to register using their real names through Terms of Service or other contracts.^[143] Online anonymity has been challenged in cases involving hate speech, defamation or libel. In one recent example, a Virginia court tried to compel the crowdsourced review platform Yelp to reveal the identities of anonymous users, before the Supreme Court of Virginia ruled that they did not have the authority.^[144]

The 2011 National Strategy for Trusted Identities in Cyberspace (NSTIC) specifically endorsed anonymous online speech.^[145] It supported the creation of an "identity ecosystem" in which internet users and organizations can more completely trust one another's identities and systems when carrying out online transactions.^[146]

By contrast, other government agencies may have acted to undermine user anonymity. Documents leaked by Edward Snowden suggest that the NSA may have engaged in cyberattacks, including a project to develop malware targeting users of Tor, a tool that enables people to communicate anonymously online,^[147] as well as efforts to undermine international technical standards for encryption.^[148] Law enforcement officials, technology experts, and privacy advocates continue to debate whether companies should be allowed to market products with strong encryption that neither they nor the government can decrypt.

Following a terrorist attack in San Bernardino in December 2015, the U.S. government sought to compel Apple to unlock a passcode-protected iPhone belonging to one of the perpetrators. Because some iPhones are programmed to permanently block access to all of the phone's encrypted data once an incorrect passcode is entered too many times, the government issued a court order that would compel Apple to create new software enabling the FBI to access the phone.^[149] This and similar cases raised the question of the degree to which the courts can force technology companies to comply with court orders, particularly those that would require the companies to alter their products. Security experts argued that requiring companies to create "backdoors" for law enforcement to access encrypted data would undermine security and public trust.^[150]

Conversely, there have been efforts to codify rules that would bar the government from requiring surveillance backdoors. In 2014, the U.S. House of Representatives approved an amendment to a bill governing appropriations which would ban spending on government-mandated backdoors with overwhelming bipartisan support, although later negotiations prevented it from being adopted into the final bill.^[151] The House approved two similar amendments in 2015.^[152] Building on that support, the Secure Data Act was introduced in Congress in December 2014, which would similarly prohibit the government from requiring that companies weaken the security of their products or insert backdoors to facilitate access.^[153] As of mid-2016, no further action had been taken.

Despite vigorous debate, there have been no legislative changes regarding the use of encryption, nor is there any indication that the government is currently planning to move forward with the technical solutions it has proposed.^[154] While the Communications Assistance for Law Enforcement Act (CALEA) currently requires telephone companies, broadband carriers, and interconnected Voice over Internet Protocol (VoIP) providers to design their systems so that communications can be easily intercepted when government agencies have the legal authority to do so, it does not cover online communications tools such as Gmail, Skype, and Facebook.^[155] Calls to update CALEA to cover online applications and communications have not been successful. In 2013, 20 technical experts published a paper explaining why such a proposal (known as "CALEA II") would create significant internet security risks.^[156]

Other legal implications of law enforcement access to devices have been debated in the courts. In 2014, a judge ruled that police could compel someone to unlock their smartphone using a fingerprint scanner, reasoning that this would be similar to requiring a DNA swab or handwriting sample.^[157] In September 2015, in a separate case involving a passcode-protected phone, a federal judge in Pennsylvania ruled that law enforcement could not compel someone to produce their passcode as this would involve the individual's personal thoughts or knowledge, which are protected by the Fifth Amendment right against self-incrimination.^[158]

In March 2016, a Maryland state appellate court issued a ruling stating that law enforcement must obtain a warrant before using "covert cell phone tracking devices" known by the product name Stingray.^[159] Stingray devices act like cell phone towers, causing nearby cell phones to send it identifying information and thus allowing law enforcement to track targeted phones or determine the phone numbers of people in a nearby area. In its decision, the court rejected the argument that individuals are effectively "volunteering" their private information when they choose to turn on their phones, since doing so allows third parties (the phone company's cell towers) to send and receive signals from the phone.^[160] This was the first court decision addressing whether a warrant is required in the use of Stringray devices^[161]

In addition to monitoring private communications, law enforcement agencies have also used open, public websites, and social media platforms to monitor different groups for suspected criminal activity. The New York Police Department (NYPD) is one such agency, with the Associated Press reporting that, from 2006 onward, the NYPD Cyber Intelligence unit monitored blogs, websites, and online forums of Muslim student groups and produced a series of secret "Muslim Student Association" reports describing group activities, religious instruction, and the frequency of prayer by the groups.^[162] In April 2014, the NYPD closed down one unit that monitored locations associated with the Muslim community, including mosques and businesses.^[163] Civil liberties advocates welcomed this step but warned that other NYPD units may still be using discriminatory practices.

Federal intelligence agencies closely monitor social media as part of their terrorism investigations.^[164] This monitoring has led to the identification of specific targets, like an Ohio man arrested in 2014 for planning to attack the Capitol who drew the attention of the FBI through Twitter.^[165] Since monitoring is not limited to the targets of investigations, it encompasses innocent individuals' online activities and may chill online speech.

Intimidation and Violence

Bloggers and other ICT users generally are not subject to extralegal intimidation or violence from state actors. However, police have used intimidation and threats to discourage bystanders from filming or from uploading footage, particularly surrounding protests related to police violence against African Americans. Citizens have a legal right to film police interactions openly if they are not interfering with police activities. Covert filming may fall under illegal wiretapping regulations.^[166]

In April 2015, Baltimore police arrested Kevin Moore after he filmed them arresting Freddie Gray and shared the footage on YouTube. Gray died from injuries sustained in police custody, prompting widespread protests against police abuse. Moore was released without charge but subsequently reported being followed by the police along with other forms of intimidation.^[167] A similar pattern of harassment was observed in July 2016, after the coverage period of this report, when police in Louisiana detained store owner Abdullah Muflahi for six hours and confiscated his cellphone after he filmed the fatal shooting of Alton Sterling by police. Chris LeDay, a Georgia-based musician who shared another video of the same incident on Facebook, was arrested soon after for unpaid traffic fines.^[168]

Technical Attacks

Financial, commercial, and governmental entities in the United States are targets of significant cyberattacks. Government policies and laws are in place to prevent and protect against cyberattacks, though many question their impact, effectiveness, and respect for civil liberties.

In June 2015, government officials reported two successive cyberattacks beginning in March 2014 which resulted in hackers breaching the Office of Personal Management (OPM) and other executive agencies.^[169] The social security numbers of over 21.5 million individuals, including former employees and their spouses or acquaintances, were stolen.^[170] Some analysts linked the attack to a Chinese state-backed hacker known as "Deep Panda."^[171] Some commentators said the Obama administration refrained from accusing China of involvement in the hack to avoid disclosing evidence that might reveal the United States' own cybersecurity capabilities.^[172] The Chinese government denied involvement, and reported the arrest of several individuals they said carried out the hack prior to President Xi Jinping's visit to the U.S. in September.^[173]

In response to these incidents and others, the U.S. has taken legal and policy measures to address growing cyber-threats. In December 2015, President Obama signed an omnibus bill that included a version of the Cybersecurity Information Sharing Act (CISA) already passed in the Senate. The Act intends to mitigate cybersecurity threats by requiring the Department of Homeland Security to share information about threats with private companies, and by allowing companies to voluntarily disclose information to federal agencies without fear of being sued for violating user privacy.^[174]

Civil liberties advocates said that the final text of the bill did not include strong enough privacy protections, and weakened requirements in earlier drafts to remove from disclosures any personal information not needed to identify cybersecurity threats. Critics also said that allowing companies to voluntarily disclose data to any federal agency – including the Department of Defense and the NSA – undermines civilian control of cybersecurity programs and would blur the line between the use of this data for cybersecurity versus law enforcement purposes.;^[175] and that the text authorizes "defensive measures" even if these cause damage to others' networks or data, though it prohibits measures that provide unauthorized access to other systems.^[176]

President Obama issued two Executive Orders to address cyberattacks in 2015. In January, in response to a high-profile attack on Sony Pictures Entertainment's internal networks apparently carried out to prevent it from releasing a controversial comedy about North Korea, Obama issued an order authorizing the Treasury Department to impose sanctions on individuals and entities associated with the North Korean government.^[177] In April, the White House issued an Executive Order permitting the U.S. Department of the Treasury to levy sanctions against individuals or companies that conduct "significant malicious cyber-enabled activities."^[178]

---

Notes:

1 Julia Edwards, "FBI paid more than $1.3 million to break into San Bernardino iPhone," Reuters , April 22, 2016, http://www.reuters.com/article/us-apple-encryption-fbi-idUSKCN0XI2IB; Devlin Barrett, "Federal Prosecutors Drop Court Case to Force Apple to Unlock iPhone," Wall Street Journal , April 22, 2016, http://www.wsj.com/articles/federal-prosecutors-drop-court-case-to-force-apple-to-unlock-iphone-1461377642.

2 Mark Cooper, "The Socio-Economics of Digital Exclusion in America, 2010," (paper presented at 2010 TPRC: 38th Research Conference on Communications, Information, and Internet Policy, Arlington, Virginia, October 1-3, 2010).

3 In 2016, the ITU revised its penetration data for the U.S. in 2014 from 87 percent to 73 percent. International Telecommunication Union, "Percentage of Individuals Using the Internet, 2000-2015,", http://bit.ly/1FDwW9w.

4 John B. Horrigan and Maeve Duggan, "Home Broadband 2015," Pew Research Center, December 21, 2015, http://www.pewinternet.org/2015/12/21/2015/Home-Broadband-2015/

5 OECD Broadband Statistics, "OECD Fixed (Wired) Broadband Subscriptions per 100 Inhabitants, by Technology, June 2014," December 2014, http://bit.ly/1cP4RGV; "OECD Terrestrial Mobile Wireless Broadband Subscriptions per 100 Inhabitants, by Technology, June 2014."

6 Andrew Perrin and Maeve Duggan, Americans' Internet Access: 2000-2015 , Pew Research Center: Internet, Science & Tech, June 26, 2015, http://pewrsr.ch/1TRMM48.

7 Federal Communications Commission, "Broadband Progress Report: Significant Improvements but Digital Divide Persists," January 28, 2016, https://apps.fcc.gov/edocs_public/attachmatch/DOC-337471A1.pdf. Federal Communications Commission, "2016 Broadband Progress Report," Federal Communications Commission, January 29, 2016, https://www.fcc.gov/reports-research/reports/broadband-progress-reports/2016-broadband-progress-report.

8 Federal Communications Commission, "2016 Broadband Progress Report," Federal Communications Commission, January 29, 2016, https://www.fcc.gov/reports-research/reports/broadband-progress-reports/2016-broadband-progress-report.

9 "The Cost of Connectivity 2014," Open Technology Institute, October 30, 2014, https://www.newamerica.org/oti/policy-papers/the-cost-of-connectivity-2014/.

10 "The Cost of Connectivity 2014," Open Technology Institute, October 30, 2014, https://www.newamerica.org/oti/policy-papers/the-cost-of-connectivity-2014/.

11 "The Cost of Connectivity 2014," Open Technology Institute, October 30, 2014, https://www.newamerica.org/oti/policy-papers/the-cost-of-connectivity-2014/.

12 Monica Anderson. "Technology Device Ownership: 2015." Pew Research Center, October 2015, http://www.pewinternet.org/2015/10/29/technology-device-ownership-2015.

13 Monica Anderson, "More Americans using smartphones for getting directions, streaming TV," Pew Research Center, January 29, 2016, http://www.pewresearch.org/fact-tank/2016/01/29/us-smartphone-use/.

14 Aaron Smith, Smartphone Use in 2015 , Pew Research, http://pewrsr.ch/19JDwMd.

15 The Electronic Privacy Information Center (EPIC) filed suit against the Department of Homeland Security (DHS) in 2013 for information about the protocol. After winning an appeal in the DC Circuit, the DHS retained exemption from disclosing SOP 303, and in July of 2015 released a redacted version of the protocol. Electronic Privacy Information Center, EPIC v. DHS – SOP 303 , http://bit.ly/1GscPWS; Electronic Privacy Information Center, SOP 303 Updated Release , http://bit.ly/1WI9hZV.

16 Electronic Privacy Information Center, EPIC v. DHS – SOP 303 .

17 Melissa Bell, "BART San Francisco Cut Cell Services to Avert Protest," The Washington Post , August 12, 2011, http://wapo.st/1GscX8T

18 Federal Communications Commission, WARNING: Jammer Use Is Prohibited , December 8, 2014, http://fcc.us/1L1RV2O.

19 Leichtman Research Group, "3 Million Added Broadband From Top Providers in 2014," press release, March 5, 2015, http://bit.ly/1WIa1hL.

20 Jon Brodkin, "Comcast now has more than half of all US broadband customers" Ars Technica , January 30, 2015, http://bit.ly/1FPGOgI.

21 Meg Jones, "California regulators approve Charter's takeover of Time Warner Cable," Los Angeles Times , May 12, 2016, http://www.latimes.com/entertainment/envelope/cotown/la-et-ct-charter-puc-20160512-snap-story.html.

22 Jon Brodkin, "Comcast and Charter may soon control 70% of 25Mbps Internet subscriptions," ArsTechnica, January 26, 2016, http://arstechnica.com/business/2016/01/comcast-and-charter-may-soon-control-70-of-25mbps-internet-subscriptions/.

23 Meg Jones, "California regulators approve Charter's takeover of Time Warner Cable," Los Angeles Times , May 12, 2016, http://www.latimes.com/entertainment/envelope/cotown/la-et-ct-charter-puc-20160512-snap-story.html.

24 Jon Brodkin, "Comcast and Charter may soon control 70% of 25Mbps Internet subscriptions," ArsTechnica, January 26, 2016, http://arstechnica.com/business/2016/01/comcast-and-charter-may-soon-control-70-of-25mbps-internet-subscriptions/. Federal Communications Commission, "Statement from FCC Chairman Tom Wheeler on the Comcast-Time Warner Cable Merger," news release, April 24, 2015, http://bit.ly/1OfzSug; U.S. Department of Justice, "Comcast Corporation Abandons Proposed Acquisition of Time Warner Cable After Justice Department and Federal Communications Commission Informed Parties of Concerns," press release, April 24, 2015, http://1.usa.gov/1Qrf57U.

25 Prepared Remarks of Federal Communications Commission Chairman (FCC) Tom Wheeler "The Facts and Future of Broadband Competition". September 4, 2014 https://apps.fcc.gov/edocs_public/attachmatch/DOC-329161A1.pdf.

26 Federal Communications Commission, Annual Report Of Competitive Market Conditions For Commercial Mobile Wireless , December 23, 2015, https://apps.fcc.gov/edocs_public/attachmatch/DA-15-1487A1.pdf.

27 Michael J. De La Merced, "Sprint and Softbank End Their Pursuit of a T-Mobile Merger," DealB% k (blog), New York Times , August 5, 2014, http://nyti.ms/1KW0LBh.

28 Colin Lecher, "How the FCC's massive airways auction will change America – and your phone service," The Verge , April 21, 2016, http://www.theverge.com/2016/4/21/11481454/fcc-broadcast-incentive-auction-explained.

29 The White House, Office of the Press Secretary, "FACT SHEET: Broadband That Works: Promoting Competition & Local Choice In Next-Generation Connectivity," press release, January 13, 2015, http://1.usa.gov/1GUJIQ9.

30 Federal Communications Commission, "FCC Grants Petitions to Preempt State Laws Restricting Community Broadband in North Carolina, Tennessee," news release, February 26, 2015, http://bit.ly/1Z3DrZO.

31 See State of TN vs. FCC , http://www.ca6.uscourts.gov/case_reports/rptPendingAgency.pdf; Brian Fung, "Cities looking to compete with large Internet providers just suffered a big defeat," Washington Post , August 1-, 2016, https://www.washingtonpost.com/news/the-switch/wp/2016/08/10/the-government-just-lost-a-big-court-battle-over-public-internet-service/.

32 National Conference of State Legislators, "Laws Relating to Filtering, Blocking, and Usage Policies in Schools and Libraries," June 12, 2015, http://bit.ly/1zvIfGT.

33 American Library Association, "Public Library Funding Landscape," 2011-2012, accessed June 4, 2015, 15, http://bit.ly/1KW2uql.

34 See, e.g. , Bradburn v. North Central Regional Library District (Washington state Supreme Court) No. 82200-0 (May 6, 2010); Bradburn v. NCLR, No. CV-06-327-EFS (E.D. Wash. April 10, 2013).

35 Scott Higham and Ellen Nakashima, "Why the Islamic State leaves tech companies torn between free speech and security," Washington Post , July 16, 2015, http://wapo.st/1O9SVUQ.

36 Ellen Nakashima, "Lawmakers want Internet sites to flag 'terrorist activity' to law enforcement," Washington Post , July 4, 2015, http://wapo.st/1H9hEq9.

37 Baynard Woods, "Facebook deactivated Korryn Gaines' account during standoff, police say," The Guardian , August 3, 2016, https://www.theguardian.com/us-news/2016/aug/03/korryn-gaines-facebook-account-baltimore-police.

38 Justin Fenton, "Korryn Gaines case: Video posting by suspects poses new challenges for police," Baltimore Sun , August 3, 2016, http://www.baltimoresun.com/news/maryland/crime/bs-md-ci-facebook-police-deactivate-20160803-story.html.

39 David Uberti, "How smartphone video changes coverage of police abuse," Columbia Journalism Review , April 9, 2015, http://www.cjr.org/analysis/smartphone_video_changes_coverage.php.

40 47 U.S.C. §230 (1998), http://bit.ly/1hlnlbP; see Electronic Frontier Foundation, "Section 230 of the Communications Decency Act," http://bit.ly/1EYGbk1.

41 Treating domain names as property subject to criminal forfeiture, 18 U.S.C. §2253.

42 H.R. 285, https://www.congress.gov/114/bills/hr285/BILLS-114hr285rfs.pdf.

43 Center for Democracy & Technology, "Coalition Statement in Opposition to Federal Criminal Publishing Liability," January 29, 2015, http://bit.ly/1OSYquU.

44 The Justice for Victims of Trafficking Act of 2015, Pub. L 144-22, May 29, 2015, https://www.congress.gov/bill/114th-congress/senate-bill/178.

45 Sophia Cope and Adi Kamdar, "SAVE Act Passes in House, Comes One Step Closer to Unnecessarily Chilling Online Speech," Electronic Frontier Foundation, January 29, 2015, https://www.eff.org/deeplinks/2015/01/save-act-passes-house-coming-one-step-closer-chilling-online-speech.

46 "Coalition Statement in Opposition to Federal Criminal Publishing Liability," Center for Democracy and Technology, January 29, 2015, https://cdt.org/insight/coalition-statement-in-opposition-federal-criminal-publishing-liability/.

47 Agatha Cole, "ICE Domain Name Seizures Threaten Due Process and First Amendment Rights," American Civil Liberties Union, June 20, 2012, http://bit.ly/1j9cXpl.

48 U.S. Immigration and Customs Enforcement "Operation In Our Sites," May 22, 2014, http://1.usa.gov/1WIeTn7.

49 "Illegal websites seized in global operations," U.S. Immigration and Customs Enforcement, November 30, 2015, https://www.ice.gov/news/releases/illegal-websites-seized-global-operation.

50 United States International Trade Commission, "Certain Digitals Models, Digital Data, and Treatment Plans for Use in Making Incremental Dental Positiong Adjustment Applicances, The Appliances Made Therefrom, and Methods of Making the Same," commission opinion, April 10, 2014, http://bit.ly/1Pf0nky.

51 "Letter to the International Trade Commission," Public Knowledge, April 10, 2015, http://bit.ly/1Z3Ih9u.

52 Aimee N. Soucie, " ClearCorrect Operating, LLC v. ITC," Kenyon IP Insight, November 11, 2015, http://www.kenyon.com/NewsEvents/News/2015/11-11-ClearCorrect-Operating-LLC-v-ITC.aspx.

53 17 U.S.C.§ 512, https://www.law.cornell.edu/uscode/text/17/512.

54 Electronic Frontier Foundation, "Lenz v. Universal," https://www.eff.org/cases/lenz-v-universal.

55 Electronic Frontier Foundation, "Once Again, DMCA Abused to Target Political Ads," November 17, 2015, https://www.eff.org/deeplinks/2015/11/once-again-dmca-abused-target-political-ads.

56 Twitter, "Removal Requests," Transparency Report , July-December, 2015, https://transparency.twitter.com/removal-requests/2015/jul-dec.

57 Yahoo, "Government Removal Requests," Transparency Report , https://transparency.yahoo.com/government-removal-requests/index.htm

58 Google, "Government Requests to Remove Content," https://www.google.com/transparencyreport/removals/government/.

59 TorrentFreak, TPP: U.S. May Not Force DMCA on Other Countries https://torrentfreak.com/tpp-u-s-may-accept-partners-own-isp-liability-frameworks-150707/.

60 Maira Sutton, "How the TPP Will Affect You and Your Digital Rights," Electronic Frontier Foundation, December 8, 2015, https://www.eff.org/deeplinks/2015/12/how-tpp-will-affect-you-and-your-digital-rights.

61 Tom Kludt and Brian Stelter, "'The Blacklist:' Here are the media outlets banned by Donald Trump," CNN, June 14, 2016, http://money.cnn.com/2016/06/14/media/donald-trump-media-blacklist/.

62 Kyle Blaine, "How Donald Trump Bent Television To His Will," Buzzfeed, March 18, 2016, https://www.buzzfeed.com/kyleblaine/how-donald-trump-bent-television-to-his-will?utm_term=.ioJba25Rz#.rmPn4K85k.

63 Nick Madigan and Ravi Somaiya "Hulk Hogan Awarded $115 Million in Privacy Suit Against Gawker," New York Times , March 18, 2016, http://www.nytimes.com/2016/03/19/business/media/gawker-hulk-hogan-verdict.html.

64 Andrew Ross Sorkin, "Peter Thiel, Tech Billionaire, Reveals Secret War with Gawker," New York Times , May 25, 2016, http://www.nytimes.com/2016/05/26/business/dealbook/peter-thiel-tech-billionaire-reveals-secret-war-with-gawker.html.

65 David Streitfeld and Katie Benner, "In Silicon Valley, Gossip, Anger and Revenge," New York Times , May 25, 2016, http://www.nytimes.com/2016/05/26/technology/gossip-in-silicon-valley-and-the-digital-age.html.

66 Paul Farhi, "Gawker files for Chapter 11 bankruptcy protection," Washington Post , June 10, 2016, https://www.washingtonpost.com/lifestyle/style/gawker-files-for-chapter-11-bankruptcy-protection/2016/06/10/45ef7420-2f2e-11e6-9b37-42985f6a265c_story.html.

67 Adrian Chen, "The Underground Website Where You Can Buy Any Drug Imaginable," Gawker , June 1, 2011, http://gawker.com/the-underground-website-where-you-can-buy-any-drug-imag-30818160.

68 Katie Rogers and John Herrman, "Thiel-Gawker Fight Raises Concerns About Press Freedom," New York Times , May 26, 2016, http://www.nytimes.com/2016/05/27/business/media/thiel-gawker-fight-raises-concerns-about-press-freedom.html?_r=0.

69 Sari Horowitz, "Justice is reviewing criminal cases that used surveillance evidence gathered under FISA," Washington Post , November 15, 2013, http://wapo.st/1jKgo5Z.

70 Nick Cumming-Bruce, "WikiLeaks Assails Google and the U.S.," New York Times , January 26, 2015, http://nyti.ms/1MUi0n9.

71 Human Rights Watch and American Civil Liberties Union, With Liberty to Monitor All: How Large-Scale US Surveillance is Harming Journalism, Law and American Democracy , 2014, http://bit.ly/1uz3CL1; PEN America, Global Chilling: The Impact of Mass Surveillance on International Writers , January 5, 2015, http://bit.ly/1VBgCYT; see also PEN America, Chilling Effects: NSA Surveillance Drives U.S. Writers to Self-Censor , November 2013, http://bit.ly/1rZ3LXt; and Jesse Holcomb, Amy Mitchell, and Kristen Purcell, Investigative Journalists and Digital Security: Perceptions of Vulnerability and Changes in Behavior , Pew Research Center, February 5, 2015, http://pewrsr.ch/1xqJh6i.

72 PEN America, Global Chilling: The Impact of Mass Surveillance on International Writers.

73 Human Rights Watch and American Civil Liberties Union, With Liberty to Monitor All: How Large-Scale US Surveillance is Harming Journalism, Law and American Democracy.

74 Elizabeth Stoycheff, "Under Surveillance: Examining Facebook's Spiral of Silence Effects in the Wake of NSA Internet Monitoring," Journalism & Mass Communication Quarterly , 2016, http://m.jmq.sagepub.com/content/early/2016/02/25/1077699016630255.full.pdf; Karen Turner, "Mass surveillance silences minority opinions, according to study," Washington Post , March 28, 2016, https://www.washingtonpost.com/news/the-switch/wp/2016/03/28/mass-surveillance-silences-minority-opinions-according-to-study/.

75 Lee Rainieand and Mary Madden, Americans' Privacy Strategies Post-Snowden , Pew Research Center, March 16, 2015, http://pewrsr.ch/1MIHWjv.

76 Leticia Miranda, "Verizon, the FCC and What You Need to Know About Net Neutrality," The Nation , December 6, 2013, https://www.thenation.com/article/verizon-fcc-and-what-you-need-know-about-net-neutrality/; Federal Communications Commission, "Report and Order: In the Matter of Protecting and Promoting the Open Internet," December 21, 2010, https://apps.fcc.gov/edocs_public/attachmatch/FCC-10-201A1_Rcd.pdf.

77 Federal Communications Commission, "Report and Order on Remand, Declaratory Ruling, and Order: In the Matter of Protecting and Promoting the Open Internet," GN Docket No. 14-28, February 26, 2015, http://bit.ly/1NOC8bv; Shuli Wang, "The FCC's Net Neutrality Rules on Protecting and Promoting Open Internet," ed. Yaping Zhang, JOLT Digest , Harvard Journal of Law and Technology , March 23, 2015, http://bit.ly/1Le1RtH.

78 Jim Puzzanghera, "Opponents of FCC's net neutrality rules ask court for partial stay," LA Times , May 13, 2015, http://lat.ms/1KW5gvC.

79 Alina Selyukh, "U.S. Appeals Court Upholds Net Neutrality Rules in Full," NPR, June 14, 2016, http://www.npr.org/sections/thetwo-way/2016/06/14/471286113/u-s-appeals-court-holds-up-net-neutrality-rules-in-full.

80 Cecilia Kang, "F.C.C. Asks Comcast, AT&T and T-Mobile About 'Zero-Rating' Services," The New York Times , December 17, 2015, http://bits.blogs.nytimes.com/2015/12/17/f-c-c-asks-comcast-att-and-t-mobile-about-zero-rating-services/.

81 Zero rating letter to FCC, March 28, 2016, https://www.eff.org/files/2016/04/07/finalzeroratingsign-onletter.fa929bef59a5423089a496b4f909fb97.pdf.

82 Aaron Smith, Cell Phones, Social Media, and Campaign 2014 , November 3, 2014, http://pewrsr.ch/1rTCqj1.

83 Aaron Smith, Civic Engagement in the Digital Age , Pew Research Center, April 25, 2013, http://pewrsr.ch/1nighxK.

84 Karen Mossberger et al., "Digital Citizenship: Broadband, Mobile Use, and Activities Online," (paper presented at International Political Science Association conference, Montreal, Canada, July 2014), http://paperroom.ipsa.org/papers/paper_36182.pdf.

85 Chris Welch, "FCC net neutrality debate passes Janet Jackson's nip slip in total comments," The Verge , September 10, 2014, http://bit.ly/1JOEbqg.

86 Soraya Nadia MacDonald, "John Oliver's net neutrality rant may have caused the FCC website to crash," Washington Post , June 4, 2014, http://wapo.st/1mzTd8j.

87 Barbara van Schewick, "Is the Internet about to get sloooooow?" CNN , September 10, 2014, http://cnn.it/1hlqw37.

88 Craig Aaron, "How We Won Net Neutrality," The Blog, Huffington Post , February 26, 2015, http://huff.to/18pvCYE.

89 Reno, Attorney General of the United States, et al. vs. American Civil Liberties Union et al, 521 U.S. 844 (1997), http://bit.ly/1OT33VQ.

90 Electronic Frontier Foundation, "Computer Fraud and Abuse Act Reform," accessed May 14, 2014, https://www.eff.org/issues/cfaa.

91 "Deadly Silence: Aaron Swartz and MIT," The Economist , August 3, 2013, http://econ.st/1L21COJ.

92 Representative Zoe Lofgren, official website, "Rep Zoe Lofgren Introduces Bipartisan Aaron's Law," press release, June 20, 2013, http://1.usa.gov/1QUsnbx.

93 Kaveh Waddell, "'Aaron's Law' Reintroduced as Lawmakers Wrestle Over Hacking Penalties," National Journal , April 21, 2015, http://bit.ly/1Pf4m0u.

94 Center for Democracy and Technology, "Intermediary Liability: Protecting Internet Platforms for Expression and Innovation," April 2010, http://bit.ly/1hlr3Cj.

95 "Apple v. Does," Electronic Frontier Foundation, accessed August 1, 2012, http://www.eff.org/cases/apple-v-does.

96 Consolidated Appropriations Act, 2016, Pub. L. 114-113, December 18, 2015, https://www.congress.gov/bill/114th-congress/house-bill/2029/text.

97 Ariane de Vogue, "SCOTUS rules in favor of man convicted of posting threatening messages on Facebook," CNN, June 1, 2015, http://www.cnn.com/2015/06/01/politics/supreme-court-elonis-facebook-ruling/.

98 Adam Liptak, "Supreme Court Overturns Conviction in Online Threats Case, Citing Intent," New York Times , June 1, 2015, http://www.nytimes.com/2015/06/02/us/supreme-court-rules-in-anthony-elonis-online-threats-case.html?_r=0.

99 Adam Liptak, "Supreme Court Overturns Conviction in Online Threats Case, Citing Intent," New York Times , June 1, 2015, http://www.nytimes.com/2015/06/02/us/supreme-court-rules-in-anthony-elonis-online-threats-case.html?_r=0.

100 Frank Eltman, "Citizens filming police often find themselves arrested," Albuquerque Journal , August 30, 2015, http://www.abqjournal.com/636460/citizens-filming-police-often-find-themselves-arrested.html.

101 PEN America, Press Freedom Under Fire in Ferguson , October 27, 2014, http://bit.ly/1zDIsOl.

102 PEN America, "Retaliation For Documenting Police," petition, September 12, 2016, https://pen.org/blog/retaliation-documenting-police.

103 Christopher Mele, "Matthew Keys Gets 2 Years in Prison in Los Angeles Times Hacking Case," New York Times , April 13, 2016, http://www.nytimes.com/2016/04/14/business/media/matthew-keys-gets-2-years-in-prison-in-los-angeles-times-hacking-case.html.

104 Kim Zetter, "Matthew Keys Sentenced to Two Years for Aiding Anonymous," Wired , April 13, 2016, https://www.wired.com/2016/04/journalist-matthew-keys-sentenced-two-years-aiding-anonymous/.

105 Joe Johnson, "Georgia Tech student who hacked into UGA computer network gets pretrial diversion," Athens Banner-Herald , February 26, 2015, http://bit.ly/1FSEllk.

106 Josh Solomon, "Middle school student charged with cybercrime in Holiday," Tampa Bay Times , April 9, 2015, http://bit.ly/1ybpTBg.

107 Electronic Frontier Foundation, "Mandatory Data Retention: United States," https://www.eff.org/issues/mandatory-data-retention/us.

108 Electronic Frontier Foundation, "Mandatory Data Retention: United States;" Center for Constitutional Rights, "Surveillance After the USA Freedom Act: How Much Has Changed?," Huffington Post , December 17, 2015, http://www.huffingtonpost.com/the-center-for-constitutional-rights/surveillance-after-the-us_b_8827952.html.

109 American Civil Liberties Union, "California Electronic Communications Privacy Act (CalECPA) – SB 178," https://www.aclunc.org/our-work/legislation/calecpa.

110 United States v. Warshak, 09-3176, United States Court of Appeals for the Sixth Circuit.

111 Ibid.

112 Sophia Cope, "House Advances Email Privacy Act, Setting the Stage for Vital Privacy Reform," Electronic Frontier Foundation, April 27, 2016, https://www.eff.org/deeplinks/2016/04/house-advances-email-privacy-act-setting-stage-vital-privacy-reform.

113 H.R. 699 Email Privacy Act, https://www.congress.gov/bill/114th-congress/house-bill/699/text.

114 "Patriot Act Excesses," New York Times, October 7, 2009, http://www.nytimes.com/2009/10/08/opinion/08thu1.html.

115 E.g. Glenn Greenwald, "NSA Collecting Phone Records of Millions of Verizon Customers Daily," The Guardian, June 5, 2013, http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order.

116 Aubra Anthony, "When Metadata Becomes Megadata: What Government Can Learn," Center for Democracy and Technology PolicyBeta Blog, June 17, 2013, https://www.cdt.org/blogs/1706when-metadata-becomes-megadata-what-government-can-learn-metadata.

117 "Comparing Two Secret Surveillance Programs," The New York Times, June 7, 2013, http://www.nytimes.com/interactive/2013/06/07/us/comparing-two-secret-surveillance-programs.html.

118 Marty Lederman, "BREAKING: Second Circuit rules that Section 215 does not authorize telephony bulk collection program," Just Security, May 7, 2015, http://bit.ly/1j9kTqO.

119 "USA Freedom Act: What's in, what's out," Washington Post , June 2, 2015, https://www.washingtonpost.com/graphics/politics/usa-freedom-act/.

120 Aarti Shahani, "Phone Carriers Are Tight-Lipped On How They Will Comply With New Surveillance Law," NPR, June 4, 2015, http://www.npr.org/sections/alltechconsidered/2015/06/04/411870819/phone-carriers-are-tight-lipped-over-law-that-overhauls-nsa-surveillance.

121 Rainey Reitman, "The New USA Freedom Act: A Step in the Right Direction, but More Must Be Done," Electronic Frontier Foundation, April 30, 2015, https://www.eff.org/deeplinks/2015/04/new-usa-freedom-act-step-right-direction-more-must-be-done.

122 "USA Freedom Act of 2015," Council on Foreign Relations, June 2, 2015, http://www.cfr.org/intelligence/usa-freedom-act-2015/p36594.

123 Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2015 (USA FREEDOM Act), Pub. L. 114-23, June 1, 2015, https://www.congress.gov/bill/114th-congress/house-bill/2048/text.

124 USA FREEDOM Act of 2015, Sec. 401.

125 United States Foreign Intelligence Surveillance Court, "Amici Curiae," http://www.fisc.uscourts.gov/amici-curiae.

126 See text of House version of USA FREEDOM ACT (2014): H.R. 3361, https://www.congress.gov/113/bills/hr3361/BILLS-113hr3361rh.pdf.

127 Brett Max Kaufman, "A Guide to What We Know About the NSA's Dragnet Searches of Your Communications," ACLU, August 9, 2013, https://www.aclu.org/blog/guide-what-we-now-know-about-nsas-dragnet-searches-your-communications.

128 Dia Kayyali, "The Way the NSA Uses Section 702 is Deeply Troubling. Here's Why." Electronic Frontier Foundation, May 7, 2014, https://www.eff.org/deeplinks/2014/05/way-nsa-uses-section-702-deeply-troubling-heres-why.

129 See USA FREEDOM Act of 2015, Sec. 301, and 50 U.S.C. 1881a(i)(3), available at: https://www.gpo.gov/fdsys/pkg/USCODE-2011-title50/pdf/USCODE-2011-title50-chap36-subchapVI-sec1881a.pdf.

130 Cindy Cohn and Rainey Reitman, "USA Freedom Act Passes: What We Celebrate, What We Mourn, and Where We Go From Here," Electronic Frontier Foundation, June 2, 2015, https://www.eff.org/deeplinks/2015/05/usa-freedom-act-passes-what-we-celebrate-what-we-mourn-and-where-we-go-here.

131 Executive Order 12333 – United States Intelligence Activities. Federal Register, National Archives. http://www.archives.gov/federal-register/codification/executive-order/12333.html.

132 "Executive Order 12333," Electronic Privacy Information Center, https://epic.org/privacy/surveillance/12333/.

133 Barton Gellman and Ashkan Soltani, "NSA surveillance program reaches 'into the past' to retrieve, replay phone calls," Washington Post , March 18, 2014, https://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html; Ryan Devereaux, Glenn Greenwald, Laura Poitras, "Data Pirates of the Caribbean," The Intercept , May 19, 2014, https://theintercept.com/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/.

134 H.R. 4681, Intelligence Authorization Act for Fiscal Year 2015 Sec. 309, 113th Cong. (2014).

135 Presidential Policy Directive – Signals Intelligence Activities PPD-28, January 17, 2014, http://1.usa.gov/1MUm5Yz.

136 Human Rights Watch, "Strengthen the USA Freedom Act," May 19, 2015, https://www.hrw.org/news/2015/05/19/strengthen-usa-freedom-act.

137 Craig Timberg & Adam Goldman, "U.S. to Allow Companies to Disclose More Details on Government Requests for Data," Washington Post , January 27, 2014, http://wapo.st/LhuLxw.

138 Office of the Deputy Attorney General, email correspondence fto Facebook, Google, LinkedIn, Microsoft, and Yahoo general counsels, January 27, 2014, http://1.usa.gov/1IuJYqL.

139 Ben Lee, "Taking the fight for #transparency to court," Twitter Blog , October 7, 2014, http://bit.ly/Zc3Mtm; Alexei Oreskovic, "Twitter Sues U.S. Justice Department for Right to Reveal Surveillance Requests," Reuters ,October 7, 2014, http://reut.rs/1yLKbRe.

140 "Twitter lawsuit partly dismissed over U.S. information requests," Reuters, May 2, 2016, http://www.reuters.com/article/us-twitter-government-ruling-idUSKCN0XT1RK

141 For additional information on reporting standards, please reference: USA Freedom Act, H.R. 2048 (2015), http://1.usa.gov/1jKsHzc.

142 Alex Bradshaw, Stan Adams, "FCC Should Act to Protect Broadband Customers' Data," CDT, January 20, 2016, https://cdt.org/blog/fcc-should-act-to-protect-broadband-customers-data/.

143 Erica Newland, et. al., Account Deactivation and Content Removal: Guiding Principles and Practices for Companies and Users , Global Network Initiative, September 2011, http://cyber.law.harvard.edu/node/7080.

144 Justin Jouvenal, "Yelp won't have to turn over names of anonymous users after court ruling" Washington Post , 16 April 2015, http://wapo.st/1MbcE48.

145 Jay Stanley, "Don't Put Your Trust in 'Trusted Identities,'" American Civil Liberties Union, January 7, 2011, http://bit.ly/1M7hILh; See also, Jim Dempsey, "New Urban Myth: The Internet ID Scare," Policy Beta (blog), Center for Democracy and Technology, January 11, 2011, http://bit.ly/1Oi3I2U.

146 National Strategy for Trusted Identities in Cyberspace, "About NISTIC," accessed May, 14, 2014, http://1.usa.gov/1hluGbe.

147 "Costs to Cybersecurity" in Danielle Kehl et al., "Surveillance Costs: The NSA's Impact on the Economy, Internet Freedom, and Cybersecurity," New America's Open Technology Institute, July 2014, http://bit.ly/1GsrIbD.

148 James Ball, Julian Borger and Glenn Greenwald, "Revealed: How US and UK Spy Agencies Defeat Internet Privacy and Security," The Guardian , September 6, 2013, http://gu.com/p/3thvv/stw.

149 Julia Angwin, "What's Really At Stake in the Apple Encryption Debate," ProPublica, February 24, 2016, https://www.propublica.org/article/whats-really-at-stake-in-the-apple-encryption-debate.

150 Press Release, "Open Technology Institute Opposes Government Attempt to Mandate Backdoor into Apple iPhone," Open Technology Institute, February 17, 2016, https://www.newamerica.org/oti/press-releases/open-technology-institute-opposes-government-attempt-to-mandate-backdoor-into-apple-iphone/.

151 See Amendment to H.R. 4870, the Department of Defense Appropriations Act, offered by Representative Massie of Connecticut. The Amendment "prohibits funds for the government to request that products or services support lawful electronic surveillance": The FY 2015 Department of Defense Appropriations Bill: House Adopted Amendments, H.R. 4870 (2014), http://1.usa.gov/1jDUJpd.

152 Robyn Greene, "Representatives Should Vote "Yes" on Three Amendments to Prohibit Bulk Collection and to Protect Encryption," New America Open Technology Institute, June 2, 2015 [updated June 3, 2015], http://bit.ly/1M7pLHQ.

153 Secure Data Act of 2014, S.2981, 113th Cong. (2014), http://1.usa.gov/1Lc1Eme.

154 Cory Bennett, "Lawmakers skeptical of FBI's encryption warnings," The Hill , April 29, 2015, http://bit.ly/1bGPbwO.

155 Charlie Savage, "U.S. Tries to Make it Easier to Wiretap the Internet." New York Times , September 27, 2010, http://nyti.ms/1WIzNlX; See also Declan McCullagh, "FBI: We Need Wiretap-Ready Websites – Now," CNET , May 4, 2012, http://cnet.co/1iRh6vA.

156 Ben Adida et al, CALEA II: Risks of Wiretap Modifications to Endpoints , Center for Democracy & Technology, May 17, 2013, http://bit.ly/1Gsv12v.

157 Lily Hay Newman, "Law Enforcement Can Make You Unlock Devices with Your Fingerprint in Virginia," Slate , October 31, 2014, http://www.slate.com/blogs/future_tense/2014/10/31/virginia_police_can_make_you_unlike_your_smartphone_with_your_fingerprint.html.

158 Lily Hay Newman, "Federal Judge Says Law Enforcement Can't Make You Hand Over Your Smartphone Passcode," Slate , September 25, 2015, http://www.slate.com/blogs/future_tense/2015/09/25/court_rules_that_defendants_don_t_have_to_provide_smartphone_passcodes.html.

159 Spencer S. Hsu, "A Maryland court is the first to require a warrant for covert cellphone tracking," Washington Post , March 31, 2016, https://www.washingtonpost.com/world/national-security/a-maryland-court-is-the-first-to-require-a-warrant-for-covert-cellphone-tracking/2016/03/31/472d9b0a-f74d-11e5-8b23-538270a1ca31_story.html.

160 Joshua Kopstein, "Maryland Attorney General: If You Don't Want To Be Tracked, Turn Off Your Phone," Motherboard , February 4, 2016, https://motherboard.vice.com/read/maryland-attorney-general-if-you-dont-want-to-be-tracked-turn-off-your-phone.

161 Alex Emmons, "Maryland Appellate Court Rebukes Police for Concealing Use of Stingrays," The Intercept , March 31, 2016, https://theintercept.com/2016/03/31/maryland-appellate-court-rebukes-police-for-concealing-use-of-stingrays/;

162 Associated Press,"AP's Probe Into NYPD Intelligence Operations," accessed May 5, 2015 http://bit.ly/L3pdWB.

163 Matt Appuzzo and Joseph Goldstein, "NY Drops Unit that Spied on Muslims," New York Times , Apr. 15, 2014, http://nyti.ms/1evekec.

164 Kevin Sullivan, "Three American teens, recruited online, are caught trying to join the Islamic State," Washington Post , December 8, 2014, http://wapo.st/1L2hEIz.

165 Sari Horwitz, "Ohio man arrested in alleged plot to attack Capitol," Washington Post , January 14, 2015, http://wapo.st/1Rr8cml.

166 Dia Kayyali, "Want to Record the Cops? Know Your Rights," Electronic Frontier Foundation, April 16, 2015, https://www.eff.org/deeplinks/2015/04/want-record-cops-know-your-rights.

167 Mariah Stewart, "Man Who Filmed Freddie Gray Arrest Detained By Baltimore Police, Along With Ferguson Video Activists," Huffington Post , http://huff.to/1VBuAtR.

168 Amy Goodman & Denis Moynihan, "Videotaping a Crime Is Not a Crime," Democracy Now, July 14, 2016, http://www.democracynow.org/2016/7/14/videotaping_a_crime_is_not_a.

169 Lily Hay Newman, "Government Discovered Employee Data Breach While It Was Trying to Upgrade Security," Slate , June 5, 2015, http://www.slate.com/blogs/future_tense/2015/06/05/office_of_personnel_management_discovered_hack_while_trying_to_upgrade_security.html.

170 Brian Naylor, "OPM: 21.5 Million Social Security Numbers Stolen From Government Computers," NPR, July 9, 2015, http://www.npr.org/sections/thetwo-way/2015/07/09/421502905/opm-21-5-million-social-security-numbers-stolen-from-government-computers.

171 David Perera, "Researchers: 'Deep Panda' Behind Hacking of Federal Data," Politico , June 4, 2015, http://politi.co/1OgcZad.

172 Ellen Nakashima, "U.S. decides against publicly blaming China for data hack," Washington Post , July 22, 2015, https://www.washingtonpost.com/world/national-security/us-avoids-blaming-china-in-data-theft-seen-as-fair-game-in-espionage/2015/07/21/03779096-2eee-11e5-8353-1215475949f4_story.html.

173 Ellen Nakashima, "Chinese government has arrested hackers it says breached OPM database," Washington Post , December 2, 2015, https://www.washingtonpost.com/world/national-security/chinese-government-has-arrested-hackers-suspected-of-breaching-opm-database/2015/12/02/0295b918-990c-11e5-8917-653b65c809eb_story.html.

174 Consolidated Appropriations Act, 2016, Pub. L. 114-113, December 18, 2015, https://www.congress.gov/bill/114th-congress/house-bill/2029/text.

175 Jadzia Butler, Greg Nojeim, "Cybersecurity Information Sharing in the 'Ominous' Budget Bill: A Setback for Privacy," Center for Democracy and Technology, December 17, 2015, https://cdt.org/blog/cybersecurity-information-sharing-in-the-ominous-budget-bill-a-setback-for-privacy/.

176 Jadzia Butler, Greg Nojeim, "Cybersecurity Information Sharing in the 'Ominous' Budget Bill: A Setback for Privacy," Center for Democracy and Technology, December 17, 2015, https://cdt.org/blog/cybersecurity-information-sharing-in-the-ominous-budget-bill-a-setback-for-privacy/.

177 Zeke J. Miller, "U.S. Sanctions North Korea Over Sony Hack," Time , January 2, 2015, http://ti.me/1JP4EnL.

178 The White House, Office of the Press Secretary, "Executive Order: Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities," April 1, 2015, http://1.usa.gov/1F2sjPD.