An organization dedicated to freedom on the internet.
Something I believe we all share an interest in.
I will be linking their newsletter here.
https://www.eff.org/sites/all/themes.../logo_full.png
Printable View
An organization dedicated to freedom on the internet.
Something I believe we all share an interest in.
I will be linking their newsletter here.
https://www.eff.org/sites/all/themes.../logo_full.png
EFF Issue 669
https://www.eff.org/sites/default/files/eff_logo.png
Even a Golden Key Can Be Stolen by Thieves
Law enforcement has been ablaze with indignation since Apple first announced three weeks ago that it was expanding the scope of what types of data would be encrypted on devices running iOS 8. When Google followed suit and announced that Android L would also come with encryption on by default, it only added fuel to the fire. But these decisions, first and foremost, are about protecting the security of users. These companies have made a sound engineering decision to make mobile security as strong as they know how, by bringing it in line with laptop and desktop security.
In Hotfile Docs, Warner Hid References to "Robots" And Its Deliberate Abuse of Takedowns
After months of delay, Warner has finally released documents detailing its notice-and-takedown practices. The information was filed under seal in the now-defunct Hotfile litigation until a federal court, prompted by a motion from EFF, ordered Warner to produce them for the public. These documents confirm the movie studio's abuse of the DMCA takedown process. They describe Warner "robots" sending thousands of infringement accusations to sites like the now-closed Hotfile without human review, based primarily on filenames and metadata rather than inspection of the files' contents. They also show that Warner knew its automated searches were too broad and that its system was taking down content in which Warner had no rights--likely a violation of the DMCA.
ComputerCOP: The Dubious 'Internet Safety Software' That Hundreds of Police Agencies Have Distributed to Families
For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the "first step" in protecting their children online. But as official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies. In the course of investigating and documenting the spread of that software through some 245 agencies in 35 states, EFF has conducted a security review of ComputerCOP and determined it is neither safe nor secure.
EFF Updates
They Fight Surveillance - And You Can Too
EFF has launched two projects to help you fight "privacy nihilism"--to show that despite the skepticism of your friends and colleagues, you can do something. In Counter-Surveillance Success Stories, we've collected examples of individuals and small groups who have chosen to battle unlawful spying in their own countries--and have won. And on our new I Fight Surveillance site, we're showcasing individuals from around the world who are taking a stand.
For Shame: Gannett Abuses DMCA to Take Down Political Speech
Like clockwork, another news organization is abusing the Digital Millennium Copyright Act's hair-trigger take down process to stifle political commentary just when that commentary is most timely. A Kentucky newspaper's editorial board live-streamed an interview with a Democratic candidate for Senate, and captured 40 uncomfortable seconds of her trying desperately to avoid admitting she voted for President Obama. A critic posted the video clip online--and the newspaper's parent company Gannett promptly took it down.
Stop the Spies: Australians Rise Up Against Mandatory Data Retention
The latest shadow over the civil liberties of Australians is a yet-unnamed mandatory data retention bill that will be introduced into the federal parliament during the week of October 27. Under the flimsy pretext that this measure is urgently needed to fight terrorism, the bill would require Australian Internet providers to scoop up highly personal information about their customers as they use the Internet and store it for two years for law enforcement agencies to access. On October 6, a grassroots website called Stop the Spies was launched to expose this threat and to mobilize ordinary Internet users to stop it.
Adobe Spyware Reveals (Again) the Price of DRM: Your Privacy and Security
The publishing world may finally be facing its "rootkit scandal." Two independent reports claim that Adobe's e-book software, "Digital Editions," logs every document readers add to their local "library," tracks what happens with those files, and then sends those logs back to the mother-ship, over the Internet, in the clear. In other words, Adobe is not only tracking your reading habits, it’s making it really, really easy for others to do so as well.
EFF Intervenes in Canadian Court Case to Protect Free Speech Online
EFF has filed a brief with the British Columbia Court of Appeal in Canada weighing in on a ruling that Google must block certain entire websites from its search results around the world. Such a broad injunction sets a dangerous precedent, especially where the injunction is likely to conflict with the laws of other nations. In its brief, EFF explains how the trial court's decision would have likely violated the U.S. Constitution and constituted an improper "mandatory injunction" under case law in California, where Google is based. By blocking entire websites, Canadian courts potentially censor innocent content that U.S. Internet users have a constitutional right to receive
DEFCON Router Hacking Contest Reveals 15 Major Vulnerabilities
A DEFCON contest to find vulnerabilities in consumer router software this summer was hugely successful: participants discovered 15 "zero-day" vulnerabilities, including seven that allow full takeover. Those bugs have all been disclosed to the manufacturers, but fixes have been slow to roll out.
Listen: Audio from [UNDER SEAL] v. Holder, EFF's National Security Letter case
EFF squared off last week against the Department of Justice in the Ninth Circuit on behalf of gagged recipients of national security letters. The court has published an audio recording of that hearing.
NSA Mind-Bender: We Won't Tell You What Info We Already Leaked to the Media
In Wired, Kim Zetter reports that the National Security Agency has refused to release information in response to a FOIA request about the agency's authorized leaks to the media.
NSA's Director of Civil Liberties and Privacy's new report on Executive Order 12333 [pdf]
Rebecca J. Richards, the director of NSA's Civil Liberties and Privacy Office, has issued an overview of the civil liberties protections built into the agency's signals intelligence programs.
====================
Reproduction of this publication in electronic media is encouraged.
MiniLinks do not necessarily represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
EFF Issue #670
https://www.eff.org/sites/default/files/eff_logo.png
Introducing the New Surveillance Self-Defense
We're thrilled to announce the relaunch of Surveillance Self-Defense, our guide to defending yourself and your friends from digital surveillance by using encryption tools and developing appropriate privacy and security practices. These resources are intended to inspire better-informed conversations and decision-making about digital security and privacy. The site is available today in English, Arabic, and Spanish, with more languages coming soon.
EFF and ACLU to Present Oral Argument in NSA Spying Case
How can the US government possibly claim that its collection of the phone records of millions of innocent Americans is legal? It relies mainly on two arguments: first, that no one can have a reasonable expectation of privacy in their metadata and second, that the outcome is controlled by the so-called "third party doctrine," which says that no one has an expectation of privacy in information they convey to a third party, such as telephone numbers dialed. EFF will respond to both of these arguments in oral argument in the NSA spying case Klayman v. Obama on November 4.
EFF Fights for Common Sense, Again, in DMCA Rulemaking
EFF has filed six exemption requests with the U.S. Copyright Office today, part of the elaborate, every-three-year process to right the wrongs put in place by the Section 1201 of the Digital Millennium Copyright Act. We're seeking to renew and expand previously granted exemptions on jailbreaking devices and ripping video for remixes, and pursuing new exemptions on repairing, modifying, and conducting security research on cars, as well as modifying video games to be playable after they've been abandoned by their publisher.
EFF Updates
Verizon Injecting Perma-Cookies to Track Mobile Customers, Bypassing Privacy Controls
Verizon users might want to start looking for another provider. In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users' web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors' web browsing habits without their consent.
Peekaboo, I See You: Government Authority Intended for Terrorism is Used for Other Purposes
The Patriot Act continues to wreak its havoc on civil liberties. Law enforcement was adamant Section 213, defining a procedure known as a "sneak and peek" warrant, was needed to protect against terrorism. But the latest government report detailing the numbers of "sneak and peek" warrants reveals that out of a total of over 11,000 requests, only 51 were used for terrorism.
The 90s and Now: FBI and its Inability to Cope with Encryption
Recently, FBI Director James B. Comey, along with several government officials, have issued many public statements regarding their inability to catch criminals due to Apple and Google offering default encryption to their consumers. But we certainly felt a bit of deja vu when we saw current FBI Director Comey’s statements, since they sound eerily like the sentiments expressed by then FBI Director Louis J. Freeh in front of the Senate Judiciary Committee in July 1997.
Dear Rupert Murdoch: Want to Compete with Netflix? Ditch DRM!
Rupert Murdoch, chair of 21st Century Fox, argued recently that major media companies should develop their own video streaming service that could compete with Netflix and Amazon. Given that other streaming services are having a tough time competing (Verizon's foray into video streaming, Redbox Instant, is shutting down), his worries are well-founded. Fortunately, there's one move media companies could could make that would set apart any new video streaming service they develop: they could ditch the DRM.
October’s Very Bad, No Good, Totally Stupid Patent of the Month: Filming A Yoga Class
EFF recently learned about a patent that covered a method of filming a yoga class. We reviewed the patent and discovered that it was just as ridiculous as it sounded. Despite our familiarity with absurd patents and our concerns about cursory review at the Patent and Trademark Office, we were still surprised that this one issued. But there's a silver lining to this story: the yoga community affected by this stupid patent wasn't willing to give in.
New Documentary CITIZENFOUR Highlights Snowden's Motivation for Leaking NSA Documents
Laura Poitras' riveting new documentary about mass surveillance gives an intimate look into the motivations that guided Edward Snowden, who sacrificed his career and risked his freedom to expose mass surveillance by the NSA. CITIZENFOUR has many scenes that explore the depths of government surveillance gone awry and the high-tension unfolding of Snowden's rendezvous with journalists in Hong Kong. But one of the most powerful scenes in the film comes when Snowden discusses his motivation for the disclosures and points to his fundamental belief in the power and promise of the Internet.
Open Access Week 2014 Wrap Up: Posts, Pictures, and Parties
EFF proudly participated in the eighth annual Open Access Week, a celebration of making scholarly research immediately and freely available for people around the world to read, cite, and re-use. One theme that seemed to run across all blog posts was that open access doesn't exist in a vacuum: there are laws, policies, and happenings in the world that immensely affect our access to research.
miniLinks
UK "Free Our History" Copyright Reform Campaign
Museums, libraries, and archives are showing empty display cases to protest copyright terms that lock up until 2039 unpublished works dating back centuries.
Australia: Stop The Spies
The Australian government has proposed a data retention law that could be devastating to personal privacy. Learn more about the proposal, how it could be abused, and what people can do to fight back.
Hacker Lexicon: Homomorphic Encryption
In Wired, Andy Greenberg explains what homomorphic encryption is, and how it could revolutionize the way cloud computing services are able to protect user privacy.
Supported by Members
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.
Please consider becoming an EFF member today.
EFF Issue #672
https://www.eff.org/sites/default/files/eff_logo.png
Looking Forward, Looking Back: 2014 in Review
It has been a momentous year in the fight for digital civil liberties. From major developments in our work to end illegal mass surveillance by the NSA, to critical moments that could define the future of net neutrality, to rumblings of new legal structures around copyright and patent law, and much more: 2014 was busy, and 2015 promises to be even busier.
With such a big year behind us, it's important to take a look back at all that EFF and our members have accomplished--in the courtroom, through activism campaigns, and with cutting-edge security technology. Join us in reviewing the milestones from the past year below, and in looking forward to the critical moments ahead.
- •Net Neutrality Takes a Wild Ride
•8 Stellar Surveillance Scoops
•Web Encryption Gets Stronger and More Widespread
•Big Patent Reform Wins in Court, Defeat (For Now) in Congress
•International Copyright Law
•More Time in the Spotlight for NSLs
•The State of Free Expression Online
•What We Learned About NSA Spying in 2014--And What We're Fighting to Expose in 2015
•"Fair Use Is Working!"
•Email Encryption Grew Tremendously, but Still Needs Work
•Spies Vs. Spied, Worldwide
•The Fight in Congress to End the NSA's Mass Spying
•Open Access Movement Broadens, Moves Forward
•Stingrays Go Mainstream
•Three Vulnerabilities That Rocked the Online Security World •Mobile Privacy and Security Takes Two Steps Forward, One Step Back
•It Was a Pivotal Year in TPP Activism but the Biggest Fight Is Still to Come
•The Government Spent a Lot of Time in Court Defending NSA Spying Last Year
•Let's Encrypt (the Entire Web)
EFF Updates
In Wake of Charlie Hebdo Attack, Let's Not Sacrifice Even More Rights
EFF is stunned and deeply saddened by the attack on Charlie Hebdo, a French satirical newspaper. As free speech advocates, we mourn the use of violence against individuals who used creativity and free expression to engage in cultural and political criticism. Murder is the ultimate form of censorship.
State Courts Strike Blows to Criminal DNA Collection Laws in 2014--What to Look for in 2015
After years of bad DNA law, 2014 laid the groundwork for better, more privacy-protecting procedures. In the wake of Maryland v. King--the 2013 U.S. Supreme Court case upholding warrantless, suspicionless DNA collection from arrestees under Maryland state law--the constitutionality of DNA collection in the criminal context has continued to present challenging issues for courts.
Ford Tries to Shut Down Independent Repair Tool with Copyright
The Ford Motor Company has recently sued a manufacturer of third-party diagnostics for creating a tool that includes a list of Ford car parts and their specifications. Ford claims that it owns a copyright on this list of parts, the "FFData file," and thus can keep competitors from including it in their diagnostic tools. It also claims that the company violated the anti-circumvention provisions of the Digital Millennium Copyright Act by writing a program to defeat the "encryption technology and obfuscation" that Ford used to make the file difficult to read.
It's Not Too Late for Uber to Avoid Stupid Patent of the Month
As our devoted readers are aware, each month we highlight a Stupid Patent. This time, in the holiday spirit, we decided to highlight a Stupid Patent application. You see, we recently learned that Uber has filed for a patent on something so basic, so fundamental to our economic system, that it should be called out now before it becomes too late for both Uber and the public.
Supported by Members
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.
Please consider becoming an EFF member today.
Reproduction of this publication in electronic media is encouraged.
This newsletter is printed from 100% recycled electrons.
Space holder Issue #673
https://www.eff.org/sites/all/themes.../logo_full.png
Issue #674
Let the Sun Shine on Government Records
"There can be no faith in government if our highest offices are excused from scrutiny - they should be setting the example of transparency." - Edward Snowden
It's Sunshine Week—an annual celebration of government transparency and access to public records. Government transparency is one of our core values, and EFF has been fighting in the courts for greater access to records about mass surveillance, drone flights in the United States, misconduct by intelligence agencies, government efforts to expand electronic surveillance, and much more.
To celebrate Sunshine Week this year, we're introducing The Foilies, our "awards" for the most outrageous responses to Freedom of Information Act requests. We solicited suggestions from our members and friends, and found some remarkable and absurd government excuses for keeping the public in the dark:
EFF Updates
EFF Outlines Plan to Fix the Broken Patent System
EFF released a new whitepaper outlining the problems with the U.S. patent system and how Congress and the White House can mitigate the impact of vague patents and patent trolls. The "Defend Innovation" whitepaper is the culmination of two-and-a-half years worth of research, drawing from the stories, expertise, and ideas of more than 16,500 people who agree that the current patent system is broken. Read our report.
Are Your Devices Hardwired for Betrayal?
Kaspersky Lab recently released a report demonstrating for the first time that firmware-based attacks have been used in the wild by malware authors. This should serve as a wake-up call to security professionals and the hardware industry in general: firmware-based attacks are real and their numbers will only increase. If we don't address this issue now, we risk facing disastrous consequences.
Blurred Lines Copyright Verdict is Bad News for Music
A federal jury in Los Angeles found that the 2013 song "Blurred Lines" was an infringement of Marvin Gaye's "Got to Give It Up" composition from 1977. Following the 7-million-dollar verdict, professional musicians are waking up to a fact that ordinary Internet users have long known: our overbearing copyright laws are a threat to creativity
Will the U.S. Senate Allow Big Media to Hold Blind People for Ransom?
Congress should ratify the Marrakesh Treaty, which would help create global limitations to copyright that would improve accessibility for people who are blind or have other reading disabilities. But in an act of craven cynicism, the copyright lobby is trying to tie its passage to another agreement—the Beijing Treaty—which could fatten Hollywood profit margins by creating a new thicket of restrictions on audiovisual works.
Net Neutrality Order is a Win, with a Few Blemishes
The Federal Communications Commission voted 3-2 in favor of net neutrality rules. As promised, the rules start by putting net neutrality on the right legal footing, which means they have a much stronger chance of surviving the inevitable legal challenge. There's much to appreciate, including bright line rules against blocking, throttling, and paid prioritization of Internet traffic. Nonetheless, we remain concerned about certain elements—including the "general conduct" rule.
A Blimp to Protest TPP
Senator Ron Wyden has been getting an unexpected guest showing up outside his recent town hall meetings: a friendly blimp, flown by our friends at Fight for the Future. The blimp is flying high to urge the senator to continue his record of defending Internet rights by opposing attempts to fast track the Trans Pacific Partnership.
CITIZENFOUR Wins Oscar for Best Documentary
CITIZENFOUR, Laura Poitras' riveting documentary following Edward Snowden's journey as he blew the whistle on mass surveillance by the NSA, won an Oscar for best documentary. The film is available on iTunes, HBO, and in some theaters.
ACLU and Wikimedia Sue Over NSA Internet Surveillance
A new ACLU lawsuit challenges dragnet NSA spying on behalf of Wikimedia and a broad coalition of educational, human rights, legal, and media organizations whose work depends on the privacy of their communications.
https://www.eff.org/sites/all/themes.../logo_full.png
Issue #678
Senate Attempts Last-Ditch Effort to Reauthorize Patriot Act Spying
Senator Mitch McConnell is attempting to extend the NSA's mass phone records surveillance program. A few days ago, he introduced a bill to extend Section 215 of the Patriot Act for 60 days. McConnell's temporary reauthorization is designed to deflect public attention on this issue and give NSA apologists more time to water down reform efforts.
With your help, we can stop him. If you're in the United States, please pick up the phone and call your Senators. If you're outside the United States, please share this urgent alert on Facebook and Twitter.
Right now, we're in a powerful position to push for strong reforms to mass spying. On June 1, Section 215 is set to expire. Perhaps more importantly, the U.S. Court of Appeals for the Second Circuit recently ruled the whole program illegal. Let's send a strong message to Congress: not one more day of phone record surveillance. Let's rein in NSA mass spying under the Patriot Act, then use that energy to fuel our larger agenda of ending global mass surveillance once and for all.
Fast Track Looms for Trans-Pacific Partnership
For a few hours last week, it looked like the tide had turned against the massive and sprawling Trans-Pacific Partnership agreement, as a group of Senate Democrats refused to let the Fast Track deal proceed to the floor for debate. We've targeted Fast Track because it's considered essential for TPP: without a deal to limit Congress to an up-or-down vote on the entire secretive agreement only after it's been finalized, the text and its anti-user, anti-consumer clauses would face scrutiny that they simply could not withstand.
On Thursday, though, the Senate reached a compromise and will allow Fast Track to proceed to the debate and vote stage. TPP and its ilk remain a looming threat as we turn our attention to the Senate floor, and to the House of Representatives, in order to stop our elected lawmakers from greasing the skids for an agreement the public cannot read but knows spells trouble.
If you are in the United States, it's more important than ever that you speak up now and tell your lawmakers to oppose Fast Track.
EFF Updates
New EFF '404' Report Shows How Draconian Copyright Policies Stifle Online Speech Worldwide
Overly broad intellectual property laws in Russia, Colombia, and Pakistan—which U.S. trade regulators say aren’t tough enough—stifle access to innovation and threaten artists, students, and creators around the globe with prison, censorship, and state prosecution. EFF's newest report documents these and other problems with intellectual property laws worldwide, offering a first-of-its-kind analysis countering the U.S. Trade Representative's annual report.
EFF and Gamers to Copyright Office: Multiplayer Matters (Of Course)
The Entertainment Software Association responded to EFF's submission in the ongoing rulemaking on Section 1201 of the Digital Millennium Copyright Act by saying it doesn't think online multiplayer play really matters. In a comment to the Copyright Office, the ESA has claimed that "it is inaccurate to suggest that multiplayer gameplay over the Internet is a ‘core’ functionality of [a] video game." We couldn't disagree more.
California Wants to Create a Task Force to Review Computer Crime Policies--Guess Who's Not Invited to the Table
Whenever lawmakers congregate to discuss computer crime, you can reliably predict that the debate will gravitate toward expanding police powers, leaving the realistic concerns of everyday Internet users by the wayside. The make-up of California's proposed High Technology Crimes Task Force, which would be assigned to reevaluate the laws governing prosecution of identity theft, credit card fraud, and unspecified "Internet crimes," suggests more of the same.
What Every Librarian Needs to Know About HTTPS
For librarians, simply protecting people's book check-out records is no longer enough. Library patrons frequently access catalogs and other services over the Internet. We have learned in the last two years that the NSA is unconstitutionally hoovering up and retaining massive amounts of Internet traffic. That means that before a patron even checks out a book, their search for that book in an online catalog may already have been recorded. And the NSA is not the only threat. Other patrons, using off-the-shelf tools, can intercept queries and login data merely by virtue of being on the same network as their target. Fortunately, HTTPS is a solution, and it's getting easier to deploy every day.
EFF Asks Patent Office to Focus On Protecting Public from Bad Patents
EFF has joined Public Knowledge and Engine in submitting written comments to the Patent Office regarding its Patent Quality Initiative. We urge the Patent Office to ensure that this program actually reduces the number of invalid patents being issued. Its quality efforts should serve the public interest, not the special interests of patent applicants.
miniLinks
Organization of American States on NSA's Metadata Programs
The top human rights watchdog for the Americas, the Organization of American States, has issued a strong call for reform of the NSA mass surveillance metadata programs to bring them into line with international human rights law.
John Deere: You "Own" Your Tractor, But We Can Still Rip You Off
Our request for copyright law exemptions to cover car security research and repair has kicked off a major debate about what manufacturers think "ownership" really is. Here, Cory Doctorow takes on John Deere's latest entry: a letter to dealers about what they're actually selling.
Canadian Prime Minister Letter Confirms Industry Lobbying Tied to Copyright Extension
Michael Geist has obtained a revealing letter from Candian Prime Minister Stephen Harper to Music Canada, an industry lobbying group.
More of this newsletter here.
This Article courtesy of Electronic Frontier Foundation
Finally some good news for (California) citizens concerned for rights to privacy.
https://www.eff.org/sites/all/themes.../logo_full.png
Success in Sacramento: Four New Laws, One Veto—All Victories for Privacy and Transparency
By Dave Maass
October 2015
There’s an adage that goes: “As goes California, so goes the nation.” In all fairness, that’s said about a lot of states, but we believe it is especially true for California, since not only is the Golden State bigger in population and GDP than most sovereign nations, but because so many technological companies are headquartered here. A new law in California can have nation-wide, and potentially global, ramifications.
This year, EFF beefed up its in advocacy in Sacramento with the aim of moving the needle forward on digital freedom in the California legislature. We assembled a team of internal activists and lawyers and hired an excellent lobbying duo—Samantha Corbin and Danielle Kando-Kaiser of Corbin and Kaiser. Now that we’re at the end of the legislative session, we can say with zero uncertainty that our mission was a success.
Last week, the governor signed three bills reining in heretofore unchecked electronic surveillance and another bill requiring new transparency measures on the local level. He also vetoed a bill that would’ve started embedding tracking chips in driver licenses.
Here’s a round-up of our legislative victories:
S.B. 178 (Leno) – The California Electronic Communications Privacy Act
California now has what Wired has called the “nation’s best digital privacy law.”
The California Electronic Communications Privacy (CalECPA) ensures that when state law enforcement wants to search or obtain your digital records, such as email, or track your location through your device, they need to get a warrant first. Not only does the bill protect data on devices and in the cloud, it also means that California police will need to get a warrant before they can use an IMSI catcher (i.e. a “Stingray” or “Dirtbox”) to emulate a cell phone tower. Evidence obtained illegally under this law is inadmissible in court.
EFF, the ACLU, and the California Newspaper Publisher Association were original sponsors of the bill, which was championed by Sen. Mark Leno (D-San Francisco) and Sen. Joel Anderson (R-Alpine). We were joined by a long list of tech companies—such as Google, LinkedIn, Apple, and Twitter—as well as law professors, child advocates, community justice organizations, and a slew of newspaper editorial boards. The state’s major law enforcement associations withdrew their opposition to the bill, issuing positive statements about the balance between public safety and privacy, while the San Diego Police Officers Association endorsed it without reservation. Thousands of Californians sent emails to the governor demanding his signature on the bill, and tens of thousands more signed petitions, which the ACLU and EFF delivered to the governor’s office in the form of dot matrix print-outs.
Wired is right: California now leads the nation in digital privacy, which we hope will carry over to federal reforms.
S.B. 34 (Hill) Automated license plate recognition systems
S.B. 34 introduces a whole slew of accountability measures for public agencies and private companies that operate automated license plate recognition (ALPR) systems.
ALPR systems are networks of cameras that collect license plates of any car that passes. EFF has long been concerned about these mass surveillance systems because this information, in aggregate, can reveal sensitive information about drivers, including where they worship, what doctors they see, and where they sleep at night.
Here are some of the key provisions of the new law, which adds ALPR to the list of the types of information covered by the state’s data breach laws:
ALPR operators are required to “maintain reasonable security procedures and practices, including operational, administrative, technical, and physical safeguards, to protect ALPR information from unauthorized access, destruction, use, modification, or disclosure.”
ALPR operators will need to create usage and privacy policy that is “consistent with respect for individuals’ privacy and civil liberties.” This policy must be available to the public in writing—including online, if the operator has a website.
The policies at a minimum must describe the purpose of the system, the retention policies for the data, and, how data will be shared or sold. The policy must also explain who can access the system and the training requirements for accessing the system. The policies must further include how data will be protected and how the data will be ensured and errors will be corrected.
You can sue an ALPR operator if a data breach or unauthorized access harms you.
Public agencies that use ALPR have further restrictions. For one, agencies must provide an opportunity for public comment before implement an ALPR program. They also can’t sell or share ALPR data, except with other public agencies.
S.B. 741 (Hill) Mobile communications privacy
S.B. 741 applies similar principles as S.B. 34, but to “cellular communications interception technology,” such as IMSI catchers (a.k.a. "Stingrays" and "Dirtboxes"), including public disclosures about the use of this surveillance equipment. The new law says:
A public agency that uses a cell site simulator must maintain adequate security measures to protect collected data from “unauthorized access, destruction, use, modification, or disclosure.”
A public agency must adopt a usage and privacy policy that is “consistent with respect for an individual’s privacy and civil liberties.”
Local agencies must disclose the existence of agreements with other agencies regarding the IMSI catchers and help limit the use of non-disclosure agreements to hide how law enforcement uses this equipment.
Local agencies, with the exception of sheriff departments, will not be able to obtain this equipment without approval of the legislative body and a public process. Sheriffs will need to at the very least provide public notice online of the acquisition of these devices.
An individual harmed by violations of this law can sue the agency.
Read our letter to Gov. Brown about this bill.
S.B. 249 (Hueso) Enhanced Driver Licenses
Under S.B. 249, the Department of Motor Vehicles would have begun issuing “Enhanced Driver Licenses” (EDLs), identity cards with an embedded RFID chip. The bill’s authors believed this would relieve congestion at the Mexican border, because it would allow the checkpoints to begin verifying your identity while you’re still queuing up in your vehicle. The RFID chip make it possible for your identification number to be read up to 30 feet away.
EFF opposed this bill because RFID is an insecure technology that could reveal your identity and location to anyone with an RFID reader. As a meager security measure, the law would have required the DMV to hand out little protective envelopes, although research has shown these envelopes to be ineffective. At one point, the bill ensured that these EDLs were optional. However, at the last minute, legislators stripped out measures that would have protected civil liberties and privacy. The version that arrived on the governor’s desk would have allowed an employer to discriminate against employees who did not apply for EDLs.
Hundreds of members of the public sent emails to the legislature and governor opposing S.B. 249. Ultimately, Brown vetoed the bill with the message that EDLs are unnecessary, since there are already other options out there to ease border-crossing wait times.
S.B. 272 (Hertzberg) – Disclosure of Enterprise Systems
Transparency measures had a hard time this legislative session. EFF supported S.B. 573, which would have created the state-level position of Chief Data Officer, who would have been charged with creating an open data hub and open data roadmap. Unfortunately, the bill died in committee.
However, another bill we supported, S.B. 272, made it to the governor’s desk and was signed. The new law would require local agencies to create catalogs of “enterprise systems” that store information and post this information to their websites. For each data system, the agencies must disclose the purpose of the system, what kind of data is stored in it, how often it is stored and updated, and the vendors offering the product. By doing so, we believe local agencies will allow for greater accountability and transparency regarding the types of information collected on members of the public.
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 691st
House Holds Closed Hearing on Section 702 Surveillance, Rejecting Calls for Transparency
Our elected representatives are once again cutting out the public from an important debate over mass surveillance. The House Judiciary Committee held a "members only" meeting today to discuss Section 702 of the FISA Amendment Acts, the law on which the NSA relies to operate its notorious PRISM surveillance program and to tap into the backbone of the Internet. Last week, EFF joined two dozen civil liberties, human rights, and transparency organizations, demanding in writing that leaders of the House Judiciary Committee open the hearing, at least in part, to the public. Instead, the committee heard today only from a panel of intelligence officials drawn from the NSA, FBI, DOJ, and ODNI who released a 12-page unclassified statement.
EFF Updates
Data Privacy Day: Take Charge of Your Family’s Privacy
Data Privacy Day, dedicated to promoting and raising awareness of privacy and data protection around the globe, was Thursday, January 28. Commemorating the 35th anniversary of the first legally binding international treaty dealing with privacy and data protection, it offered a great excuse to take charge of not only your own privacy, but also the privacy of any school children in your life.
Hacking the Patent System: Improved, Expanded Guide to Patent Licensing Alternatives
We're pleased to announce the 2016 edition of Hacking the Patent System, a guide to alternative patent licensing produced by the Juelsgaard Intellectual Property & Innovation Clinic at Stanford Law School in partnership with EFF and Engine. First published in 2014, the guide provides an overview of several tools that inventors and innovators could use to avert unnecessary and costly patent litigation while we continue to push for reforms to make the patent system into the engine of innovation that it should be.
"No Cost" License Plate Readers Are Turning Texas Police into Mobile Debt Collectors and Data Miners
Vigilant Solutions, one of the country's largest brokers of vehicle surveillance technology, is offering a hell of a deal to law enforcement agencies in Texas: a whole suite of automated license plate reader (ALPR) equipment and access to the company's databases and analytical tools—and it won't cost the agency a dime. Instead of paying for ALPR gear themselves, Texas police fund it by gouging people who have outstanding court fines and handing Vigilant all of the data they gather on drivers for nearly unlimited commercial use.
The Commerce Department Has Good Recommendations For Fixing Copyright Law—But More is Needed
The U.S. Commerce Department released its long-awaited White Paper on fixes to copyright law last week and it's a mixed bag. It includes some good recommendations on how Congress should change the law, but punts on some crucial enduring problems. While the department's recommendations include welcome ideas on how to protect artists and innovators in digital media from unnecessary risks, they don’t go far enough.
miniLinks
White House denies clearance to tech researcher with links to Snowden
The White House denied a security clearance to a Pulitzer prize-winning journalist and recent FTC staffer who previously helped report on the Snowden revelations. While the reasons have not been disclosed, Ashkan Soltani's departure raises important questions about the U.S. government’s ability to partner with the broader tech community.
Some presidential candidates want the encryption debate resolved behind closed doors
Some 2016 presidential candidates are really not in the mood to speak publicly about technology that affects virtually every American's privacy. Candidates in both parties, aware that there is no clear-cut encryption solution in which they will emerge as terrorist-fighting heroes, would prefer to keep their plans on this vital issue secret.
Ban internet anonymity – says US Homeland Security official
Internet anonymity should be banned and everyone required to carry the equivalent of a license plate when driving around online. That's according to Erik Barnett, the U.S. Department of Homeland Security's attache to the European Union. Writing in French policy magazine FIC Observatoire, Barnett somewhat predictably relies on the existence of child abuse images to explain why everyone in the world should be easily monitored.
__________________________________________________ ____________________________________
Supported by Donors
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.
If you aren't already, please consider becoming an EFF member today.
View as webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 702
DMCA 1201: The Law That Locks Down Tech
Some day, your life may depend on the work of a security researcher. Whether it’s a simple malfunction in a piece of computerized medical equipment or a malicious compromise of your networked car, it’s critically important that people working in security can find and fix the problem before the worst happens.
And yet, Section 1201 of the Digital Millennium Copyright Act (DMCA) casts a dark legal cloud over the work of those researchers. It gives companies a blunt instrument with which to threaten that research, keeping potentially embarrassing or costly errors from seeing the light of day. EFF believes that 1201 is unconstitutional, and today, we’re taking our case to court.
Copyright law shouldn’t cast a legal shadow over activities as basic as popping the hood of your own car, offering commentary on a shared piece of culture, or testing security infrastructure. It’s time for the courts to revisit Section 1201 and fix Congress’ constitutional mistake.
EFF Updates
Security Experts: Tell the W3C To Protect Researchers Who Investigate Browsers
The World Wide Web Consortium (W3C) has taken the extraordinary, controversial step of standardizing digital rights management (DRM) technology in the official HTML5 specifications. Because of laws protecting DRM, that means that security researchers who reveal flaws in HTML5-compliant browsers could face serious legal repercussions. We’re calling on security researchers to help us urge the W3C to protect their important work.
Ninth Circuit Panel Backs Away From Dangerous Password Sharing Decision—But Creates Even More Confusion About the CFAA
Three judges of the Ninth Circuit Court of Appeals have taken a step back from criminalizing password sharing, limiting the dangerous rationale of a recent decision issued by the same court. That’s good news, but the new decision creates even more confusion about how to interpret the notoriously vague Computer Fraud and Abuse Act.
New EEOC Rules Allow Employers to Pay for Employees’ Health Information
The Affordable Care Act provisions for employee wellness programs give employers the power to reward or penalize their employees based on whether they complete health screenings and participate in fitness programs. Wellness programs put employees in a bind: give your employer access to extensive, private health data, or give up potentially thousands of dollars a year.
California Grounds Two Bad Drone Bills
Two bills were introduced in the California legislature this session to regulate the use of drones. Both were overly restrictive of private drone use, even potentially criminalizing fun and educational drone sports events. Now, we’re happy to announce that both of these drone bills have been grounded.
EFF Joins Stars to Rock Against the TPP and Finally Defeat It
EFF is proud to support Rock Against the TPP, a series of music festivals and rallies around the country to protest the Trans-Pacific Partnership. Fight for the Future is organizing the rallies featuring Tom Morello, Talib Kweli, and many other big names. Together, we can send the message to Congress to refuse to ratify the TPP.
Tell Your Senators: Don’t Give FBI More Power to Spy on Browser History
Despite strong opposition in Congress and from the grassroots, the FBI is still pushing to expand its National Security Letter (NSL) authority. The proposed amendments would allow the FBI to serve companies with NSLs and obtain a wide range of Internet records including browsing history. Take a moment to tell your Senators to vote against expanding NSL powers.
Patents: The Next Open Access Fight
Signs are looking good that Congress will finally pass a bill requiring that publicly funded research be made available to the public. Even if we pass an open access law this year, though, there’s still a major obstacle in the way of publicly funded research fully benefiting the public: patent trolls.
New Court Ruling Underscores the Need to Stop the Changes to Rule 41
A federal court recently held that individuals have no reasonable expectation of privacy in a personal computer located inside their home. In this court’s view, the FBI is free to hack into networked devices without a warrant. This stunning decision makes it clear that we need to stop the changes to Rule 41, amendments that will make it easier for the government to get a warrant to remotely search computers.
With Canada’s Entry, Treaty for the Blind Will Come Into Force
A groundbreaking international agreement to address the “book famine” for blind and print-disabled people is now set to go into force after passing a key milestone. The agreement requires countries to allow the reproduction and distribution of accessible ebooks by limiting the scope of copyright restrictions.
Stupid Patent of the Month: Storage Cabinets on a Computer
This month’s stupid patent claims the idea of using “virtual cabinets” to graphically represent data storage and organization. The patent’s owner has been using it to sue just about anyone who runs a website.
miniLinks
Bulgaria Passes Law Requiring Government Software to Be Open Source (ZDNet)
Bulgaria’s new open source law is a win for transparency and security.
The Fight for the Right to Repair (Smithsonian)
Laws that keep technology locked down make everyone less safe.
Startups Should Be Watching as the Supreme Court Decides Samsung v. Apple (Recode)
A dispute over design patents could have major ramifications for the future of innovation.
Supported by Donors
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.
If you aren't already, please consider becoming an EFF member today.
Donate Today
Administrivia
Editor: Elliot Harmon, Activist
editor@eff.org
EFFector is a publication of the Electronic Frontier Foundation.
eff.org
Membership & donation queries: membership@eff.org
General EFF, legal, policy, or online resources queries: info@eff.org
Reproduction of this publication in electronic media is encouraged.
Calikid,
Thanks for the updates.
Truly mind-boggling, privacy is a thing of the past.
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 703
Malware Linked to Government of Kazakhstan Targets Journalists, Political Activists, Lawyers
EFF has discovered that critics have Kazakhstan’s government have been systematically targeted by a phishing and malware campaign. Based on the evidence available, we believe that the government itself is behind the attack.
Stand Up for Open Access. Stand Up for Diego.
Colombian graduate student Diego Gomez shared another student’s Master’s thesis with colleagues over the Internet. That simple act—something that many people all over the world do every day—put Diego at risk of spending years in prison. Closing arguments in Diego’s trial are scheduled for this week.
When laws punish intellectual curiosity, everyone suffers; not just researchers, but also the people who would benefit from their research. Please join us in standing with Diego; together, we can fight for a time when everyone can access and share the world’s research.
EFF Updates
DRM: You Have the Right to Know What You’re Buying
EFF and a coalition of organizations and individuals are asking the U.S. Federal Trade Commission to require retailers to warn you when the products you buy come locked down by DRM (digital rights management). We think that customers have the right to know when they’re buying something with technical restrictions built in.
Copyright Office Jumps Into Set-Top Box Debate, Says Hollywood Should Control Your TV
The FCC has proposed a rule change that would allow pay TV customers choose devices and apps from anywhere rather than being forced to use the box and associated software provided by the cable company. Major entertainment companies are trying to derail the effort with misleading arguments about copyright law.
Victory! Oregon Supreme Court Agrees that Violating a Company Rule is Not a Computer Crime
Violating a company rule is not—and should not be—a computer crime. Some prosecutors are trying to use statutes targeting computer break-ins in order to enforce employer policies, but the Oregon Supreme Court is not buying it.
What to Do About Lawless Government Hacking and the Weakening of Digital Security
When governments hack computers for law enforcement purposes, it can directly impact everyone’s digital security. It’s time for a public discussion on whether, when, and how governments can be empowered to break into our computers, phones, and other devices.
Protecting the Fourth Amendment in the Information Age: A Response to Robert Litt
There’s a debate taking place over how the Fourth Amendment should be interpreted in the Internet age. Some commentators insist that Constitutional privacy protections don’t apply to most mass surveillance. Such arguments ignore the reasons why we have a Fourth Amendment in the first place.
First Aereo, Now FilmOn: Another Fight for Innovation and Competition in TV Technology
Once again, big media companies are trying to use copyright law to stop new startups. This time, FilmOn is fighting in multiple lawsuits around the U.S. for the right to capture local TV broadcasts and stream them to paying subscribers.
Stupid Patent of the Month: Solocron Education Trolls With Password Patent
A company called Solocron is filing lawsuits left and right over its “verification system” for educational content. What kind of verification system does Solocron claim to have invented? Passwords.
Bipartisan Caucus Launches in the House to Defend Fourth Amendment
On matters implicating privacy, Congress has too often failed to fulfill its responsibilities. By neglecting to examine basic facts and deferring to executive agencies whose secrets preclude meaningful debate, lawmakers have allowed proposals that undermine constitutional rights to repeatedly become enshrined in law. With the recent launch of a new bipartisan Fourth Amendment Caucus in the House, the Constitution has gained a formidable ally.
View as webpage
Reproduction of this publication in electronic media is encouraged.
Aug 10, 2016
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 704
With Windows 10, Microsoft Blatantly Disregards User Choice and Privacy
Microsoft had an ambitious goal with the launch of Windows 10: a billion devices running the software by the end of 2018. In its quest to reach that goal, the company aggressively pushed Windows 10 on its users and even offered free upgrades for a whole year. There’s nothing wrong with encouraging users to upgrade their software, but the user should always be in control.
In its eagerness to move every Windows user to Windows 10, Microsoft has ignored two of the keystones of modern computing: user choice and privacy. The company has used tactics that have essentially amounted to tricking users into making the upgrade. That’s particularly troubling when Windows 10 sends an unprecedented amount of user data to Microsoft servers.
EFF Updates
Civil Rights Coalition files FCC Complaint Against Baltimore Police Department
The Center for Media Justice, ColorOfChange.org, and New America’s Open Technology Institute recently filed a complaint with the Federal Communications Commission alleging the Baltimore police are violating the federal Communications Act with their use of cell site simulators, also known as Stingrays. This technology disrupts cellphone calls and interferes with the cellular network—and does it in a way that has a disproportionate impact on communities of color. If you want to see the FCC take action, tell the commissioners now.
Tell Your University: Don’t Sell Patents to Trolls
When universities invent, those inventions should benefit everyone. Unfortunately, they sometimes end up in the hands of patent trolls—companies that serve no purpose but to amass patents and demand money from innovators. If you think that universities shouldn’t do business with trolls, then join us in calling on your college or university to stand up for real innovation.
U.S. Customs and Border Protection Wants to Know Who You Are on Twitter—But It’s a Flawed Plan
U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers’ privacy, and would have a wide-ranging impact on freedom of expression—all while doing little or nothing to protect Americans from terrorism.
The Global Ambitions of Pakistan’s New Cyber-Crime Act
Pakistan’s Prevention of Electronic Crimes Bill (PECB) last week passed into law despite near unanimous condemnation from tech experts and serious concerns from civil liberties groups. The PECB isn’t only a tragedy for free expression and privacy within Pakistan; it also has dangerous ramifications for Pakistan nationals abroad and frightening implications for international criminal law in general.
California Lawmaker Pulls Digital Currency Bill After EFF Opposition
For the second year in a row, EFF and a coalition of virtual currency and consumer protection organizations have beaten back a California bill that would have created untenable burdens for the emerging cryptocurrency community.
White House Source Code Policy Should Go Further
A new federal government policy will result in the government releasing more of the software that it creates under free and open source software licenses. That’s great news, but the policy doesn’t go far enough in its goals or in enabling public oversight.
Word Games: What the NSA Means by “Targeted” Surveillance Under Section 702
We all know that the NSA uses word games to hide and downplay its activities. Words like “collect,” “conversations,” “communications,” and even “surveillance” have suffered tortured definitions that create confusion rather than clarity. There’s another one to watch: “targeted” surveillance.
The FCC Can’t Save Community Broadband—But We Can
While most of us were focused on the FCC’s Open Internet Order to protect net neutrality last year, the FCC quietly did one more thing: it voted to override certain state regulations that inhibit the development and expansion of community broadband projects. A federal appeals court recently rejected the FCC’s effort, but the fight for community broadband is far from over.
We Shouldn’t Wait Another Fifteen Years for a Conversation About Government Hacking
With high-profile hacks in the headlines and government officials trying to reopen a long-settled debate about encryption, information security has become a mainstream issue. But we feel that one element of digital security hasn't received enough critical attention: the role of government in acquiring and exploiting vulnerabilities and hacking for law enforcement and intelligence purposes.
Reproduction of this publication in electronic media is encouraged.
View this issue as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 705
How to Change Your WhatsApp Settings Before Facebook Data Sharing Begins
WhatsApp is establishing data-sharing practices that signal a significant shift in its attitude toward privacy—though you wouldn’t know it from the privacy policy update that popped up on users’ screens recently. The new policy lays the groundwork for alarming data sharing between WhatsApp and its parent company Facebook.
Existing WhatsApp users have until September 25 to click through this update and agree or not agree to Facebook using their WhatsApp data to suggest friends and serve ads. Unfortunately, WhatsApp’s user interface does not offer clear information about what the new privacy policy will change and buries mechanisms for opting out. We urge WhatsApp to make available settings and options more obvious to users. Until then, see this post for a step-by-step guide to change your account settings, and read more about what these changes mean for user privacy.
EFF Updates
EFF Presents the 25th Annual Pioneer Awards
On September 21 in San Francisco, we will be celebrating the work of the 2016 Pioneer Award winners: Malkia Cyril, Max Schrems, the authors of “Keys Under Doormats,” and California State Senators Mark Leno and Joel Anderson. The celebration will include drinks, bytes, and excellent company. Join us!
The Shadow Brokers Publish NSA Spy Tools, Demonstrating Possible Flaws in the NSA’s Approach to Security Vulnerabilities
A group calling itself the Shadow Brokers recently released powerful surveillance tools publicly on the Web and promises to publish more dangerous tools for the price of one million bitcoin. Lots of people want to speculate on how this leak could have happened and on whether there are more powerful hacking tools that will go public soon. But that’s missing the bigger question: is it time to create a real process that could, in some circumstances, force the NSA to disclose security flaws to American companies, so vulnerable systems can get patched?
Latest Leak Confirms European Copyright Plans Offer Little for Users
The draft text of a European Commission Directive on copyright has leaked, and we’ve reviewed some of the proposed changes. The most concerning elements are new responsibilities on Internet platforms and new copyright-like rights for publishers. Even aspects that sound good on the surface come with some annoying limitations.
Stupid Patent of the Month: Elsevier Patents Online Peer Review
On August 30, 2016, the Patent Office issued U.S. Patent No. 9,430,468, titled: “Online peer review and method.” The owner of this patent is none other than Elsevier, the giant academic publisher. When it first applied for the patent, Elsevier sought very broad claims that could have covered a wide range of online peer review. Fortunately, by the time the patent actually issued, its claims had been narrowed significantly. We think the patent is stupid, invalid, and an indictment of the system.
Do Over, Please: EFF and ACLU Ask Ninth Circuit to Revisit Two Dangerous CFAA Rulings
Imagine being convicted of a crime for logging into a friend’s social media account with their permission. Or for logging into your spouse’s bank account to pay a bill, even though a pop-up banner appeared stating that only account holders were permitted to access the system. The Ninth Circuit Court of Appeals last month issued two decisions—by two different three-judge panels in two separate cases—which seem to turn such actions into federal crimes.
Transparency Hunters Capture More than 400 California Database Catalogs
A team of over 40 transparency activists aimed their browsers at California this past weekend, collecting more than 400 database catalogs from local government agencies, as required under a new state law. Together, participants in the California Database Hunt shined light on thousands upon thousands of government record systems.
European Copyright Leak Exposes Plans to Force the Internet to Subsidize Publishers
A just-leaked draft impact assessment on the modernization of European copyright rules could spell the end for many online services in Europe as we know them. The document’s recommendations foreshadow a new European Union Directive on copyright to be introduced later this year, that will ultimately bind each of the 28 member states. If these recommendations by the European Commission are put in place, Europe’s Internet will never be the same, and these impacts are likely to reverberate around the world.
Justice Department Pressed to Intervene When Police Arrest Grassroots Journalists
Across the country, civilian journalists have documented government violence using cell phones to record police activities, forcing a much-needed national discourse. But in case after case, the people who face penalties in the wake of police violence are the courageous and quick-witted residents who use technology to enable transparency.
miniLinks
Inside the Secret Court That Rules the World (BuzzFeed News)
BuzzFeed News has kicked off an investigative series on the “secret justice system” in agreements like the TPP.
Secret Cameras Record Baltimore's Every Move from Above (Bloomberg BusinessWeek)
Baltimore police are using real-time aerial surveillance without public disclosure.
Warrant for Former DA Paul Zellerbach in Wiretap Case (The Desert Sun)
California judge issues contempt warrant for the Riverside District Attorney behind a fifth of all U.S. wiretaps.
This newsletter is printed from 100% recycled electrons.
Reproduction of this publication in electronic media is encouraged.
View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 706 - pg 1 of 2.
The FBI’s Unprecedented and Illegal Hacking Operation
It started with a tip to the FBI from a foreign law enforcement agency that a Tor Hidden Service site called “Playpen” was hosting child pornography. That tip would ultimately lead to the largest known hacking operation in U.S. law enforcement history. The Playpen investigation—driven by the FBI's hacking campaign—resulted in hundreds of criminal prosecutions that are currently working their way through the federal courts.
The issues in these cases are technical and the alleged crimes are distasteful. But make no mistake: these cases are laying the foundation for the future expansion of law enforcement hacking in domestic criminal investigations, and the precedent these cases create is likely to impact the digital privacy rights of Internet users for years to come.
Spying on Students: Tell Us About Your Experiences with K-12 Student Privacy
School districts around the country are making use of cloud–based educational platforms and assigning laptops and tablets to students. Almost one third of all students—elementary through high school—already use school–issued digital devices, and many of these devices present a serious risk to student privacy. They collect far more information on kids than is necessary, store this information indefinitely, and sometimes even upload it to the cloud automatically. In short, they’re spying on students—and school districts, which often provide inadequate privacy policies (or no privacy policy at all), are helping them.
As the 2016-2017 school year begins, we want to hear from you about your experiences with student privacy and school-issued devices in your community. Take EFF's student privacy survey and help us paint a nation-wide picture of risks to student privacy.
EFF Updates
Facebook's Nudity Ban Affects All Kinds of Users
Facebook’s recent censorship of the iconic AP photograph of nine year-old Kim Phúc fleeing naked from a napalm bombing has once again brought the issue of commercial content moderation to the fore. Although Facebook has since apologized, the social media giant continues to defend the policy that allowed the takedown to happen in the first place.
If You Build A Censorship Machine, They Will Come
If you have the power to censor other people’s speech, special interests will try to co-opt that power for their own purposes. That’s a lesson the Motion Picture Association of America (MPAA) is learning this year. MPAA, which represents six major movie studios, also runs the private entity that assigns movie ratings in the U.S. While it’s a voluntary system with no formal connection to government, MPAA's “Classification and Ratings Administration” wields remarkable power.
4 Things to Consider When Running Social Media Campaigns About Texas Inmates
The Texas Department of Criminal Justice (TDCJ) sent shockwaves through the prisoner rights community in April when it announced a new policy forbidding inmates from participating in social media. The wording of the new TDCJ rule was vague and chillingly broad, and the community was unsure how it would be applied.
CBP Fails to Meaningfully Address Risks of Gathering Social Media Handles
We submitted comments to the U.S. Department of Homeland Security's Customs and Border Protection (CBP) agency opposing its proposal to gather social media handles from foreign visitors from Visa Waiver Program countries. CBP recently provided its preliminary responses to several of our arguments. The proposal to collect social media handles has serious flaws—and the government has failed to adequately address them.
Civil Liberties Groups Call for Stronger Oversight by House Intelligence Committee
Edward Snowden’s release of once-secret documents about U.S. intelligence surveillance focused much-needed attention on the problem of how to control the burgeoning U.S. surveillance-industrial complex. But while the USA Freedom Act began to limit national security surveillance to some extent, it did little to address the underlying problem of excessive executive branch secrecy.
Copyright Shouldn't Hold Technology Back
The FCC is about to make a decision about whether third-party companies can market their own alternatives to the set-top boxes provided by cable companies. The fight over set-top boxes isn’t just about stimulating competition to bring higher quality products to market—it’s about your basic rights as a consumer.
Tell Justin Trudeau to Fight for Web Developer Saeed Malekpour
Saeed Malekpour—a Canadian resident, Iranian citizen, and programmer—was seized by Iran’s Revolutionary Guard during a visit to his family in 2008 based on unsubstantiated accusations of connections to illegal websites. Saeed’s freedom depends on the global attention his case receives. That’s why we're asking you to write to Trudeau now, and tell the Canadian government that the world has not forgotten Saeed.
European Copyright Ruling Ushers in New Dark Era for Hyperlinks
In a case which threatens to cause turmoil for thousands if not millions of websites, the Court of Justice of the European Union decided today that a website that merely links to material that infringes copyright, can itself be found guilty of copyright infringement, provided only that the operator knew or could reasonably have known that the material was infringing.
Analog: The Last Defense Against DRM
With the recent iPhone 7 announcement, Apple confirmed what had already been widely speculated: that the new smartphone won’t have a traditional, analog headphone jack. By switching from an analog signal to a digital one, Apple has potentially given itself more control than ever over what people can do with music or other audio content on an iPhone.
Content Companies Demand Total Control of Set-Top Boxes at FCC
Major TV producers have finally said what they really want from the Federal Communications Commission (FCC) in exchange for breaking up the cable companies’ monopoly over set-top boxes. As they continue to push fake copyright arguments that experts in copyright law have roundly refuted, the big TV companies have now made clear that they do not want consumers to have the ability to search the Internet for videos and they do not want device makers to have the freedom to create devices with all of the features consumers want.
miniLinks
Unprecedented and Unlawful: The NSA’s “Upstream” Surveillance
ACLU staff attorneys explain why the NSA’s upstream collection is mass surveillance.
'Edward Snowden did this country a great service. Let him come home.'
EFF Executive Director Cindy Cohn, Bernie Sanders, Daniel Ellsberg, and former members of the NSA weigh in on whether Obama should pardon Edward Snowden.
Correcting the Record on Section 702: A Prerequisite for Meaningful Surveillance Reform
The NSA’s 702 surveillance is broader than it seems and needs reform. Jennifer Granick explains.
This newsletter is printed from 100% recycled electrons.
Reproduction of this publication in electronic media is encouraged.
View as a webpage
The "Five EFF Tools" listed below look like some useful utilities, check them out!
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 706 - page 2 of 2.
EFF to HP: Don't Hide DRM in a Security Update
HP released a deceptive security update that reconfigured thousands of printers to accept only HP’s ink cartridges rather than third-party or recycled ones. Over 10,000 of you joined EFF in calling on HP to make amends for its self-destructing printers—and we got HP’s attention. HP responded on its blog, recognizing the mistake and saying it will issue an optional firmware update to roll back the changes it had made.
We’re very glad to see HP making this step. But a number of questions remain. We want to see HP promise to never again use a security update to take away features, and to commit to not attacking security researchers who disclose vulnerabilities in its printers. HP must also be more transparent about how many printers were affected by this update, and tell us how they will communicate the optional patch to all customers. Join us in demanding that HP say "no" to DRM.
Five EFF Tools to Help You Protect Yourself Online
Do you get creeped out when an ad eerily related to your recent Internet activity seems to follow you around the web? Do you ever wonder why you sometimes see a green lock with “https” in your address bar, and other times just plain “http”? EFF’s team of technologists and computer scientists can help with tools like Privacy Badger, Panopticlick, HTTPS Everywhere, Certbot, and Surveillance Self-Defense.
EFF Updates
Google’s Allo Sends The Wrong Message About Encryption
When Google announced its new Allo messaging app, we were initially pleased to see the company responding to long-standing consumer demand for user-friendly, secure messaging. Unfortunately, it now seems that Google's response may cause more harm than good. While Allo does expose more users to end-to-end encrypted messaging, this potential benefit is outweighed by the cost of Allo’s mixed signals about what secure messaging is and how it works.
Oversight Transition Isn't Giving Away the Internet, But Won't Fix ICANN's Problems
Oversight over the performance of ICANN's IANA functions has passed from the National Telecommunications and Information Administration to ICANN's global multi-stakeholder community. Despite several weeks of heated discussion within the United States, we haven’t commented much on this transition. That’s because there has not been much to say: little has changed with the transition, and that includes the continuing threats to free expression and privacy that sometimes emerge within the domain name system.
Fair Processes, Better Outcomes
What can we do when threats to digital rights aren’t the result of a law or an individual company’s practices, but the result of a private industry agreement? Unlike laws, such agreements aren’t developed with public input or accountability. We call these invisible arrangements Shadow Regulation. EFF is proposing a set of criteria focused on inclusion, balance, and accountability to set a positive agenda for how such such agreements could be done better.
Stupid Design Patent of the Month: Rectangles on a Screen
This month’s stupid patent shows just how broken the current system of design patents is. U.S. Patent D767,583 is a patent on a design for a “display screen portion with graphical user interface.” The only thing claimed in this design patent are three rectangles at the top of a display screen and a square beneath them. This patent is both remarkably trivial and remarkably easy to be accused of infringing.
Victory! Gov. Brown Signs Bill to Overhaul California's Broken Gang Databases
Over the last few weeks, a broad coalition of civil liberties and social justice organizations rained down letters, tweets, and op-eds on Gov. Jerry Brown, urging him to sign A.B. 2298, a bill to begin the process of overhauling the state's CalGang gang affiliation database. Last week, it all paid off.
Why the Warrant to Hack in the Playpen Case Was an Unconstitutional General Warrant
Should the government be able to get a warrant to search a potentially unlimited number of computers belonging to unknown people located anywhere in the world? That’s the question posed by the Playpen case, involving the FBI’s use of malware against over 1000 visitors to a site hosting child pornography. The prosecutions resulting from this mass hacking operation are unprecedented in many ways, but the scope of the single warrant that purportedly authorized the FBI’s actions represents perhaps the biggest departure from traditional criminal procedure.
Facial Recognition, Differential Privacy, and Trade-Offs in Apple's Latest OS Releases
With new machine learning features in its latest phone and desktop operating system releases, Apple is exploring ways to provide cloud-based services and collect related user data with more regard for privacy. Two of these features—on-device facial recognition and differential privacy—deserve a closer look from a privacy perspective. While we applaud these steps, it’s hard to know how effective they are without more information from Apple about their implementation and methods.
Record Labels Make New Grab For Website-Blocking Power in YouTube-MP3 Suit
Major record labels are once again asking a court to give them power over the Internet’s basic infrastructure. This is the very power that Congress has refused to give them, and the very power they have proven unable and unwilling to use responsibly. This time, their alleged target is the website Youtube-MP3.org, a site that extracts the audio tracks from YouTube videos and allows users to download them.
NSA’s Failure to Report Shadow Broker Vulnerabilities Underscores Need for Oversight
An entity calling itself the “Shadow Brokers” took the security world by surprise this summer by publishing what appears to be a portion of the NSA’s hacking toolset. Government investigators now believe that the Shadow Brokers stole the cache of powerful NSA network exploitation tools when they were accidentally left on a computer located outside of the NSA’s network.
A Digital Rumor Should Never Lead to a Police Raid
If police raided a home based only on an anonymous phone call claiming residents broke the law, it would be clearly unconstitutional. Yet EFF has found that police and courts are regularly conducting and approving raids based on the similar type of unreliable digital evidence: Internet Protocol address information.
BaycloudSystems Joins EFF's Do Not Track Coalition
Baycloud Systems is the latest company to join the EFF's Do Not Track coalition, which opposes the tracking of users without their consent. Baycloud designs systems to help companies and users monitor and manage tracking cookies. Based in the UK, it provides thousands of sites across Europe with tools for compliance with European Union data protection laws.
miniLinks
Police surveillance: The US city that beat Big Brother
Grassroots activists in Oakland, CA took action against proposed police surveillance. The BBC reports.
How an Old Hacking Law Hampers the Fight Against Online Discrimination
The New Yorker on how the outdated Computer Fraud & Abuse Act impedes online discrimination research.
Librarians Stand Again Against FBI Overreach
“The Connecticut Four,” a group of librarians who challenged National Security Letters in 2005, explain why the Senate should not expand those powers now.
This newsletter is printed from 100% recycled electrons.
Reproduction of this publication in electronic media is encouraged.
View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 708
Unblinking Eyes: The State of Communications Surveillance in Latin America
We’re proud to announce the release of “Unblinking Eyes: The State of Communications Surveillance in Latin America,” a project in collaboration with partner organizations across the region to document and analyze surveillance laws and practices in twelve countries: Argentina, Brazil, Chile, Colombia, El Salvador, Guatemala, Honduras, Peru, Mexico, Nicaragua, Paraguay, and Uruguay.
Our reports, in both English and Spanish, show the need for comprehensive legal reform across Latin America to protect users from unlawful government surveillance. While every Latin American constitution we investigated recognizes a right to privacy and data protection, most countries do not implement those rights in a way that fully complies with international human rights standards. Overall, secrecy surrounding tactics and prevalence of surveillance is widespread in Latin America, and many countries have yet to develop a culture of transparency reporting by communications providers.
In addition to individual country reports from our international partners, EFF has produced a broader comparative report comparing laws and practices across countries, a legal analysis of the 13 Necessary and Proportionate Principles, and an interactive map summarizing our findings.
EFF Updates
Where WhatsApp Went Wrong: EFF's Four Biggest Security Concerns
After careful consideration, we have decided to add additional warnings and caveats about using WhatsApp to our Surveillance Self Defense guide. It is getting harder and harder to explain WhatsApp’s security pitfalls in a way that is clear, understandable, and actionable for users. This is especially true since WhatsApp’s announcement that it would be changing its user agreement regarding data sharing with the rest of Facebook’s services.
Patent Forum Shopping Must End
Forum shopping is rampant in patent litigation. Last year, almost 45 percent of all patent cases were heard in the Eastern District of Texas, a sparsely populated region. EFF, along with Public Knowledge, has filed an amicus brief urging the Supreme Court to hear a case that could end forum shopping in patent cases.
EFF Goes to Washington to Fight Against the Changes to Rule 41
If Congress does nothing, a new policy will take effect in less than two months that will make it easier than ever for the FBI to infiltrate, monitor, and damage computers remotely. With the threat of “Rule 41” changes looming, EFF went to DC to speak to policymakers about the future of computer security and the ramifications of government hacking.
Upload Filtering Mandate Would Shred European Copyright Safe Harbor
European regulators have finally released the full and final proposal on Copyright in the Digital Single Market, and unfortunately it's full of ideas that will hurt users and the platforms on which they rely, in Europe and around the world.
Tell the Copyright Office: Copyright Law Shouldn't Punish Research and Repair
After 18 years, we may finally see real reform to the Digital Millennium Copyright Act’s unconstitutional pro-DRM provisions. As locked-down copyrighted software shows up in more devices, people are realizing how important it is to be able to break those locks. If you can’t tinker with or repair it, then you don’t really own it—someone else does, and their interests will take precedence over yours.
Is Let’s Encrypt the Largest Certificate Authority on the Web?
Let’s Encrypt has issued its 12 millionth certificate, of which six million are active and unexpired. With these milestones, Let’s Encrypt now appears to us to be the the Internet’s largest certificate authority—but a recent analysis by W3Techs said we were only the third largest. So in this post we investigate: how big is Let’s Encrypt, really?
USA FREEDOM Act Requires Government to Declassify Any Order to Yahoo
In the wake of reports that the Foreign Intelligence Surveillance Court ordered Yahoo to scan all of its users’ email in 2015, there are many unanswered legal and technical questions. But before we can even begin to answer them, there is a more fundamental question: what does the court order say?
FCC Helped Create the Stingray Problem, Now it Needs to Fix It
The Baltimore Police Department is illegally using “Stingray” technology, which spies on cell phones by simulating a cellular tower. EFF recently supported a complaint to the Federal Communications Commission asking the agency to address Stingrays’ impact on speech, interference with 911 calls, and invasion of privacy.
Google Changes Its Tune When it Comes to Tracking Students
Since we submitted our FTC complaint about Google’s student privacy practices a little under a year ago, Google has made some encouraging changes. However, the core of our FTC complaint—that Google collects data on students using certain services despite promising not to do so—remains.
No One Owns Invisible Disabilities
The purpose of registered trademarks is to protect people. But when the U.S. Patent and Trademark Office issues overly broad or generic trademarks, those trademarks do just the opposite: they can expose us to the risk of legal bullying.
miniLinks
Facebook-backed school software shows promise — and raises privacy concerns
A new school software tool backed by Facebook raises student privacy concerns. The Washington Post reports.
Universities have turned over hundreds of patents to patent trolls
Which universities have sold the most patents to notorious mega-troll Intellectual Ventures? Yarden Katz digs into this question on Medium.
This newsletter is printed from 100% recycled electrons.
Reproduction of this publication in electronic media is encouraged.
Supported by Donors
If you aren't already, please consider becoming an EFF member today.
Donate Today
View as a webpage.
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 709
Open Access on the Frontlines for Transparency and Innovation
In most issues of EFFector, we give an overview of all the work we’re doing at EFF. Today, in light of the recent international celebration of Open Access Week, we’re doing a deep dive into a single issue: open access and how it drives public innovation and transparency.
The Internet should be a place where we can share ideas and educate ourselves unimpeded by unfair paywalls or backwards licensing—and the academic publishing world is at the frontlines of the battle to make it that way.
Academic research is a driving force behind technological innovations, medical breakthroughs, and policy decisions. The open access movement has been working for decades to make that research more open and accessible to the public. “Open access” refers to the practice of making research and other scholarly materials freely and immediately available online. Ideally, this happens under licenses that allow full reuse, sharing, and adaptation.
At first glance, this may not seem like a radical idea. Researchers tend to want to share their work; most research is federally funded and thus paid for by taxpayers; and public access to research pushes innovation forward. On top of all that, the Internet makes sharing and collaborating easier than ever, for professional researchers and amateur problem-solvers alike.
But academic publishing today is stuck in a traditional system that was built on paper, not on the web. In a paper world, we needed publishers as an intermediary between researchers and readers. In a digital world, however, giant publishers have taken on the role of gatekeepers and legal bullies.
This leaves us with a system in which publishers charge libraries and users exorbitant fees for access to subscription journals and paywalled databases. The average price for a one-year institutional subscription to a scholarly journal is in the thousands, with some specialty publications charging as much as $40,000.
Without a wealthy library or university footing the bill, ordinary users may have to pay upwards of $30 a pop to access research articles—a difficult proposition for a patient researching their medical care options, a high school student doing homework, a non-profit employee analyzing public policy, or an unemployed person getting up-to-date on their field while looking for a job.
The open access response to this restrictive status quo boils down to two primary goals: making research accessible, and making research reusable.
Free to Access
Universities and the federal government hold many of the keys when it comes to unlocking access to research. As these creators and funders of research change their policies, publishers will feel the pressure to migrate to open access business models.
Even Harvard University—the richest in America—cannot afford all the journal subscriptions its faculty and students need. To save funds and further its mission of creating and disseminating knowledge, Harvard established the country’s first university open access policy in 2008. Since then, the University of California system, MIT, the University of Oregon, Duke, and countless others have followed suit, often thanks to student activism.
The federal government funds a huge slice of the research world, both inside and outside of universities. In 2013, FASTR—the Fair Access to Science and Technology Research Act—was introduced, proposing that every federal agency that spends more than $100 million on research grants be required to adopt an open access policy. After all, when taxpayer dollars fund research from the likes of NASA and the NSF, the public should have access to that research.
Free to Reuse
Open access depends on more than removing cost barriers. It also means giving the public freedom to use research. Under the current academic publishing model, even the simple act of sharing can be a crime.
When Diego Gomez, a Master’s student in Colombia, shared a colleague’s thesis with other scientists over the Internet, he was doing what any grad student would do: sharing research he found useful so others could benefit from it. But the author of the paper filed a lawsuit, and Diego’s act of sharing became a copyright violation punishable by four to eight years in prison.
In the U.S., activist Aaron Swartz also met unjust charges on 13 criminal counts for downloading millions of articles from academic journal database JSTOR. The charges would have put him in jail for years under the Computer Fraud and Abuse Act.
If other users see Diego’s or Aaron’s cases and fear the consequences that can come with copyright infringement allegations, everyday activities like sharing academic resources can become intimidating. These cases remind us that sharing and building on existing research is integral to the open access vision. That could mean anything from translation to remixing to large-scale analysis. In an open access world, these innovative, collaborative actions would not be criminal.
Standing Up For Open Access
You can join EFF in speaking out for open access principles of transparency and innovation on national and international levels.
For a bill whose name sounds like “faster,” FASTR has been remarkably slow to move through Congress. EFF is rallying members of Congress to support FASTR now and ensure public access to public funded research.
Our activism to move FASTR is only the tip of the iceberg. Research exists within a web of laws that restrict the public’s access to and use of knowledge. EFF is working toward reform in areas including overbearing copyright law, patent practices, and the Computer Fraud and Abuse Act.
Internationally, we have been standing with Diego Gomez for two and a half years since his trial started—and we continue to stand with him and demand global open access today.
Fulfilling our shared human right to information with open access could be transformative. Only when research is available to everyone—not just those with large budgets or institutional connections—can we fully promote innovation and creativity.
miniLinks
A Tale of Two Dystopias: Order and Chaos on the Electronic Frontier
Open Technology Institute Director Kevin Bankston on science fiction, tech policy, and EFF.
Justice Department Releases Guidelines on Controversial Anti-Hacking Law
In its newly released Computer Fraud & Abuse Act guidelines, the DOJ admits that laws have not kept up with technology. The Intercept reports.
AT&T Is Spying on Americans for Profit, New Documents Reveal
The Daily Beast reveals AT&T documents about the secretive Hemisphere call records program.
[HR]
Supported by Donors
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.
If you aren't already, please consider becoming an EFF member today.
Donate Today
This newsletter is printed from 100% recycled electrons.
Reproduction of this publication in electronic media is encouraged.
MiniLinks do not necessarily represent the views of EFF.
View as webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 710
Support the SMDH Act and Give Congress Time to Debate New Government Hacking Powers
The clock is ticking. If Congress doesn’t act now, the government will soon be able to use a search warrant to hack an untold number of computers located around the world.
Lawmakers are rightfully pushing to postpone these new hacking powers, arguing that Congress has not had sufficient time to debate these new powers and their privacy and security implications. We’ve supported previous delay efforts, and now we’re asking Congress to pass the Stalling Mass Damaging Hacking Act (the SMDH Act), which gives Congress until April 1 to consider these new hacking powers.
Despite lawmakers’ questions—and some less than helpful answers from the Justice Department—we still don’t know enough about how the government plans to use these new hacking powers, whether there are any privacy or security protections in place, and how government hacking can open up Internet users’ devices and networks to attacks from non-government hackers.
Congress needs more time to consider these questions and get more information in hearings before the new hacking powers go into effect. Call your senator today and tell them to support the Stalling Mass Damaging Hacking Act to give Congress that time.
EFF Updates
Protecting Tomorrow
Many supporters have contacted us with concerns about the election results. At this critical moment, we want digital civil liberties supporters worldwide to feel confident that EFF remains steadfast in its mission and method: to use law and technology to champion civil liberties and provide a potent check against overreach.
Tech Companies, Fix These Technical Issues Before It’s Too Late
The results of the election have put the tech industry in a risky position. President-elect Trump has promised to deport millions of our friends and neighbors, track people based on their religious beliefs, and undermine users’ digital security and privacy. He’ll need Silicon Valley’s cooperation to do it—and Silicon Valley can fight back.
E-Voting Machines Need Paper Audits to be Trustworthy
Election security experts concerned about voting machines are calling for an audit of ballots in the three states where the presidential election was very close: Michigan, Wisconsin and Pennsylvania. We join their call for an audit. This is an important election safety measure and should happen in all elections, not just those that have a razor-thin margin.
Obama Can Still Boost Transparency, Accountability Before Trump Takes Office
In a letter to the Obama administration this week, EFF and other civil liberties groups—including Demand Progress and OpenTheGovernment.org—are asking that the president shed some much-needed light on government actions that impact civil liberties ahead of his departure.
Grassroots Digital Rights Alliance Expands Across U.S.
It will take the concerted actions of our supporters to help EFF’s goals find their reflection in law, policy, technology, and culture. That’s why we launched the Electronic Frontier Alliance, a national network of grassroots groups from Atlanta to Austin taking action in their local communities to promote digital rights.
Who Has Your Back in Colombia? A New Report Shows Telecom Privacy Slowly Improving
While Colombia’s digital world continues to advance with 21st century technologies, the country’s privacy law has not kept pace. Colombian telecommunication companies have not yet stepped up to meet tech industry best practices related to privacy and transparency reporting. Nonetheless, two key members of Colombia’s telecommunications industry—ETB and Telefonica-Movistar—have improved their practices, with ETB leading the way.
Digital Security Tips for Protesters
Engaging in peaceful protest may put you at risk of search or arrest, having your movements and associations mapped, or otherwise becoming a target of surveillance and repression. Here we present 10 security tips for protesting in the digital age.
TPP: A Post-Mortem
The death of the Trans-Pacific Partnership has been confirmed by White House officials. This marks the end of a long-running campaign against the secretive agreement that EFF began back in 2012.
miniLinks
Want to Know if the Election was Hacked? Look at the Ballots
Electronic voting machines need to be backed up by audits of their paper trail. Alex Haldermann explains why on Medium.
Trump Presidency Fuels Heated Encryption Debate
CNET covers a debate on encryption between EFF Executive Director Cindy Cohn and former White House Director of Counterterrorism Daniel Rosenthal at the Versus16 conference in San Francisco.
Parliament Passes Most Extreme Surveillance Law in UK History
The UK parliament has passed the Investigatory Powers Bill, the most extreme surveillance bill yet. The Don't Spy On Us coalition gives the details.
Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
View as a webpage
https://www.eff.org/files/2015/10/03...eader-blue.png
Dear Friend of Digital Freedom,
I am proud to tell you that EFF has just launched Privacy Badger 2.0! Our free browser tool helps hundreds of thousands of Internet users block third-party scripts and cookies that track you across the web. We hope you enjoy our latest round of improvements and join EFF to fight for technology that respects our rights.
Privacy Badger 2.0 is part of a growing number of EFF technology projects designed to protect your online freedom. EFF created HTTPS Everywhere to help ensure that you can connect to websites securely. We helped develop Let’s Encrypt, the free SSL certificate authority expanding the availability of encryption and taking the web by storm. We maintain Certbot, popular client software that eases the deployment of Let’s Encrypt certificates. EFF works on the side of ordinary users and advanced developers alike because together, we can build a safer, more privacy-friendly web.
You shouldn’t have to sacrifice your privacy to data miners in order to browse the web. Privacy Badger is here to help. Donate to EFF and strengthen these effective, practical solutions to protect privacy and help widen the path to a better digital future.
Fighting for your online rights,
Cooper Quintin
EFF Privacy Badger Developer & Staff Technologist
Thanks Calikid, just added that to Firefox via the mozilla addon page.
http://www.jonrb.com/emoticons/beer.gif
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 711
The Fights Behind Us, the Fights to Come: 2016 in Review
The digital rights landscape shifted dramatically in 2016. From the very first week, when EFF confirmed that T-Mobile was throttling customers’ video streams, to our year-end call to the tech community to protect users in the face of the incoming Trump administration, 2016 saw no shortage of threats to Internet users’ fundamental rights to privacy, free speech, and the freedom to access information online around the world.
In 2017, we are likely to see new efforts to ratchet up surveillance using increasingly sophisticated tools, attempts to silence dissent and expression, and attacks on the rights of users and innovators. Defending digital civil liberties is as essential as it's ever been, and our movement has never been as strong as it is now.
Check out these articles from our year in review series:
- HTTPS Deployment Growing by Leaps and Bounds
- Protecting Net Neutrality and the Open Internet
- Defending Student Data from Classrooms to the Cloud
- Censorship on Social Media
- Open Access Rewards Passionate Curiosity
- Technical developments in Cryptography
- This Year in U.S. Copyright Policy
- The Year in Government Hacking
- What Happened to Unlocking the Box?
- Top 5 Threats to Transparency
- DRM vs. Civil Liberties
- The Fight to Rein in NSA Surveillance
- The Patent Troll Abides
- Our Fight to Rein In the CFAA
- Dark Skies for International Copyright
- Congress Gives FOIA a Modest but Important Update For Its 50th Birthday
- Most Young Gig Economy Companies Way Behind On Protecting User Data
- Fighting for Fair Use and Safer Harbors
- Secure Messaging Takes Some Steps Forward, Some Steps Back
- Everybody Wants To Rule The World (Wide Web)
- Chipping Away at National Security Letters
- Shining a Spotlight on Shadow Regulation of the Internet
- Ringing in the New Year with Resistance
- Passing, Defeating, and Leveraging Legislation in California
- The Year We Went on Offense Against DRM
- Surveillance in Latin America
- The State of Crypto Law
EFF Updates
EFF Ad in Wired: Tech Community Must Secure Networks Against Trump Administration
In a full-page advertisement in Wired magazine, EFF published an open letter calling on technologists to secure computer networks against overreaches by the upcoming Trump administration and to protect a free, secure, and open Internet. The letter outlines four major ways the technology community can help: using encryption for every user transaction; practicing routine deletion of data logs; revealing publicly any government request to improperly monitor users or censor speech; and joining the fight for user rights in court, in Congress, and beyond.
Whistleblowers Don’t Need Elite Credentials To Help Protect Us from Government Overreach
Author Malcolm Gladwell recently name-checked EFF in an article published in The New Yorker explaining what he sees as the differences between whistle-blowers Edward Snowden and Daniel Ellsberg and concluding that Snowden doesn’t deserve the respect (or apparently the same legal protection) that Ellsberg does. As an organization that has extensive experience with trying to make change with whistleblower information, we sharply disagree with Mr. Gladwell’s conclusion, and even more so with how he gets there.
USTR Gets Piracy Website Listing Notoriously Wrong
The U.S. Trade Representative (USTR) has just released another edition of its periodic Notorious Markets List, a spotlight on websites and physical markets that it claims facilitate copyright or trademark infringement. This year, the focus is on stream ripping sites that take the audio from a YouTube video and makes it available for you to download—which is, in many cases, a legitimate and lawful activity. Also in the firing line are several cyberlocker sites, intermediary domain registrars, and online libraries Bookfi and Library Genesis.
Stupid Patent of the Month: Carrying Trays on a Cart
December’s Stupid Patent of the Month was especially relevant as people traveled home for the holidays: advertising trays for security screening, a patent so broad it covers almost any system of using trays and carts at a checkpoint. The owner of this patent, SecurityPoint Holdings, Inc., has sued the United States government for infringement and recently won a trial on validity. Together with Public Knowledge, we recently filed an amicus brief asking the Supreme Court to consider the obviousness standard in patent law.
miniLinks
New York Times: Cyberwar for Sale
The New York Times Magazine looks at the rise of private contractors selling hacking tools to governments. The article is based on leaked documents from a surveillance software maker showing just how dangerous and profitable the industry is.
Op-Ed: Why Trump must Save the Government's Privacy Board
An op-ed in POLITICO argues that incoming President Trump should save the Privacy and Civil Liberties Oversight Board, the five-member panel that is set to dwindle down to one member, leaving it without the ability to conduct its oversight of the U.S. intelligence community.
The Intercept: The U.S. Government Thinks that Thousands of Russian Hackers May Be Reading My Blog. They Aren’t.
The Intercept looked into a recent government report about Russian hackers and their supposedly identifying IP address and found flaws in the report because it didn’t account for the use of Tor.
Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 712
Watch our new video about encrypting the web.
In most issues of EFFector, we give an overview of all the work we’re doing at EFF. Today, we’re doing a deep dive into a single issue: EFF's efforts to encrypt the web and our new video with Baratunde Thurston.
https://www.youtube.com/watch?v=PdnpNJZVUE0
We're on a mission to encrypt the web. So we teamed up with the folks over at Sandwich Video and comedian and social critic Baratunde Thurston to spread the word about how you can use our tools to help.
Sandwich is the production company behind some of the best product launch videos in tech, and you may know Baratunde from his New York Times bestseller How To Be Black, or his work on The Daily Show and The Onion. We brought these creative forces together and made a video to show you why we need to continue moving from the non-secure HTTP to the more secure HTTPS and how you--with EFF tech tools HTTPS Everywhere and Certbot--can help us get there.
The web is in the middle of a massive change from HTTP to HTTPS. All web servers use one of these two protocols to get web pages from the server to your browser. HTTP has serious problems that make it vulnerable to eavesdropping and content hijacking. HTTPS fixes most of these problems. As Baratunde says in the video, “That ‘S’ makes all the difference. It’s for secure.”
For too long, website owners chose to implement HTTPS only for a small number of pages, like those that accepted passwords or credit card numbers. However, in recent years, the Internet security community has come to realize that all web pages need protection.
That’s why we and other like-minded organizations have been pushing for the use of HTTPS across the web. We’ve been calling on all website owners to implement HTTPS by default, and we’re providing the tools to do it.
One tool is HTTPS Everywhere, our browser extension that redirects users to HTTPS sites wherever possible. Many sites partially support HTTPS by making HTTPS available but sending visitors to the non-secure HTTP site by default. HTTPS Everywhere fixes that by redirecting requests to these sites to HTTPS when it’s available, automatically activating encryption and HTTPS protection that might otherwise slip through the cracks.
Our second tool is Certbot, which helps website operators set up encryption for their sites in a convenient and free way. Using a series of easy-to-follow interactive instructions, Certbot can automatically fetch custom certificates for your domain. It can also automatically configure your webserver to support encrypted traffic and even be set to renew that certificate whenever it’s close to expiring so that you never have to worry about it again.
In the video, Baratunde goes through our goal of encrypting the entire web and the reasons to use HTTPS Everywhere and Certbot. Watch and share the video, and start protecting yourself online today.
miniLinks
Microsoft: Privacy Announcement about Windows 10
Microsoft announced important and welcome privacy changes for Windows 10 users, though we're still waiting for more details.
.
Reason: The Cops Are Interested in Your Tattoos
Reason explains how automated tattoo recognition technology threatens civil liberties.
.
CPJ: Why the U.S. Needs to be a Global Leader in Protecting Strong Encryption
Obama failed to implement a strong policy protecting encryption. Donald Trump's comments on the campaign trail suggest the president-elect is unlikely to support measures to protect it.
.
Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 713
Our Plan for the First 100 Days of Trump’s Presidency
The United States has entered a new era. Donald Trump has sworn the oath of office, pledging to uphold the Constitution. But as EFF has learned in the course of defending our fundamental rights over four American presidencies, our civil liberties need an independent defense force.
The first 100 days will set the tone for the rest of Mr. Trump’s time in office. The transition team has laid out what they hope to accomplish over this period. Some of the things he and his team said have us preparing for the worst. Based on statements about surveillance, net neutrality, and press freedom, we anticipate attempts to undercut many of the hard-won protections for technology users and thwart efforts to reform broken laws.
So we’ve set out how we will fight for your rights over those first 100 Days, including continuing to defend digital rights in court, testing and leveraging the Freedom of Information Act, and holding Silicon Valley accountable.
EFF Celebrates Copyright Week
Copyright law not only impacts the music you hear or the movies you watch, it shapes your ability to communicate with others online, to create, post or share content to online platforms, to make art that talks back to popular culture, and to use, fix, and tinker with your own belongings. When copyright law is out of balance–when content holders are given too much power to control how new technologies and copyrighted works are used–it limits our basic freedoms to access information, to express ourselves, to control our own digital devices, and to innovate to create new tools and creative works.
Five years ago this week, a diverse coalition of Internet users, non-profit groups, and Internet companies defeated the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA), bills that would have forced Internet companies to blacklist and block websites accused of hosting copyright infringing content. In the five years since SOPA, new threats have emerged. We continue to fight alongside our allies to push back against proposals that would expand copyright’s reach and trample on the public interest and push for a better copyright law that serves everyone, not just established copyright industries.
As part of that work, each year we join together with a diverse range of organizations to advocate for a set of principles for making copyright law work for everyone, including defending the public domain, protecting the right to tinker, and transparency and representation in the copyright policy setting process.
EFF Updates
EFF Applauds Obama’s Decision to Commute Chelsea Manning’s Sentence
As one of his very last acts in office, President Obama has commuted the sentence of whistleblower Chelsea Manning by 28 years. EFF applauds Obama for using his last days as president to bring justice to Manning’s case. And we congratulate all those who supported, defended, and spoke out on behalf of Manning over the years and supported her clemency petition. Your efforts secured her freedom.
EFF Pushes Back on Ruling that Threatens Free Speech Online
EFF is asking a court to overturn a ruling that could cripple online platforms that host and aggregate user reviews. In a brief filed in the U.S. Court of Appeals for the Ninth Circuit, EFF argues that a lower court got it wrong when it ruled that ConsumerAffairs.com could be held liable for reviews written by the site’s users—despite the fact that platforms like ConsumerAffairs.com have broad protections when they aggregate or otherwise edit users’ content. If the decision is allowed to stand, EFF’s brief argues, then platforms may take steps to further censor or otherwise restrict user content out of fear of being held liable.
Kazakhstan’s Legal Harassment, Abuse of Computer Law Finally Ends
The Republic of Kazakhstan’s legal harassment of independent newspaper Respublika and other fierce critics of the ruling regime has finally come to an end. Kazakhstan employed the deeply flawed U.S. hacking statute called the Computer Fraud and Abuse Act to mount a two-year campaign of harassment, censorship, and retaliation against the publication in courts around the world. The clock ran out on Kazakhstan’s lawsuit and the government finally dismissed it, but not before real damage was done to the free speech rights of the newspaper, which was forced to shut down, and other parties.
EFF Urges Court to Protect Free Speech From Overbroad Use of DMCA
In order to make remix videos, do computer research, or make e-books accessible, people often need to bypass access controls on the media they own. In a brief filed with the U.S. Court of Appeals for the Ninth Circuit, EFF argues that the government cannot prohibit such speech without running afoul of the First Amendment. The case centers around VidAngel, a service that allows customers to view movies minus the parts it identifies as offensive. We filed to ensure the court understands the impact on speech of an anti-circumvention law that does not include flexible accommodations like a fair use exemption.
miniLinks
Trump Pulls Out of TPP
President Donald Trump has formally pulled the United States from the Trans-Pacific Partnership, a trade deal that raised intellectual property concerns for the digital rights community.
SEC Probing Yahoo over Data Breaches
The Securities and Exchange Commission is investigating whether Yahoo should have notified investors about its two massive data breaches sooner, The Wall Street Journal reports.
China Gets Tough on VPNs
Chinese authorities are cracking down on services like virtual private networks that let residents gain unauthorized access to websites that have been blocked within the country, according to Reuters.
Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 714 - Pg 1 of 2
If You've Experienced a Digital Border Search, Tell Us Your Story
Following President Trump’s confusing executive order on terrorism and immigration, there have been reports that border agents at airports were searching the cell phones of passengers arriving from the Middle East, including U.S. permanent residents. We’re concerned that this indicates an expansion of the already invasive digital practices of U.S. Customs and Border Protection, so we’re asking for your digital border search stories.
Searching through Americans’ social media data and personal devices intrudes upon both First and Fourth Amendment rights. As part of our work to combat what we believe to be unconstitutional practices at the border, and to better understand how the Trump Administration’s new policies may be changing border practices, we would like to hear your stories.
Please let us know if a U.S. official at the border examined your cell phone, laptop, or other digital device; asked for your device’s passcode or ordered you to unlock or decrypt it; or asked for your social media handles. We would like to hear from everyone, but especially if you are a citizen or permanent resident (green card holder) of the United States.
Ethiopian Hacking Case Continues in Court
Can foreign governments spy on Americans in America with impunity? That was the question in front of the U.S. Court of Appeals for the District of Columbia Circuit last week, when EFF and others went to court in Kidane v. Ethiopia.
Despite the numerous issues on appeal, the argument focused on whether U.S. courts have jurisdiction to hear a case brought by an American citizen for wiretapping and invasion of his privacy that occurred in his living room in suburban Maryland. As we've argued, the question of whether U.S. courts can provide a remedy to an American who was wiretapped shouldn't turn on where the eavesdropper was sitting, but rather where the actual wiretapping occurred.
Ethiopia's lawyer took the position that the country should be able to do anything to Americans in America, even set off a car bomb, as long as Ethiopia didn’t have a human agent in the United States. One judge asked what would happen if Ethiopia mailed a letter bomb into the United States to assassinate an opponent, or hacked an American's self-driving car, causing it to crash. Ethiopia didn't hesitate: their counsel said that they could not be sued for any of those.
The Supreme Court's Digital Rights To-Do List
The Supreme Court already has a list of digital civil liberties issues to consider in the near future, and that list is likely to grow. If confirmed, President Donald Trump’s nominee to fill the late Justice Antonin Scalia’s seat on the Supreme Court—Judge Neil Gorsuch of the U.S. Court of Appeals for the Tenth Circuit—will be in a position to make crucial decisions affecting our basic rights to privacy, free expression, and innovation.
On the privacy front, the Supreme Court is being asked to consider a pair of cases dealing with law enforcement obtaining cell phone location records: the U.S. v. Graham ruling out of the Fourth Circuit Court of Appeals and the U.S. v. Carpenter out of the Sixth Circuit Court of Appeals. On free speech, the court is set to hear arguments on Packingham vs. North Carolina and consider the constitutionality of a North Carolina law that bans registered sex offenders from using online social media platforms that minors also access.
When it comes to intellectual property issues, the court has agreed to hear arguments in a case centered around where patent infringement lawsuits can be brought and arguments in a case about whether a patent holder can put limits on how a customer can use, resell, tinker with, or analyze a patented product a customer has purchased. The court is also being asked to hear arguments in cases that consider how copyright holders should be held accountable for unreasonable infringement claims and whether the Patent Office's appeals board uses the correct standard when determining obviousness of issued patents.
EFF Updates
News and Government Sites Switch to HTTPS
The last year has seen enormous progress in encrypting the web. Two categories in particular have made extraordinary strides: news sites—including Wired, BuzzFeed, The New York Times, and The Guardian—and U.S. government sites.The common thread between the news industry’s huge progress and the federal government’s huge progress in deploying HTTPS? Metrics. Reports like like EFF’s 2013 Encrypt the Web Report, the General Service Administration's Pulse, and Freedom of the Press Foundation's Secure the News provide important insight into how much progress is being made and an incentive for individual sites to improve.
California Advances Bills to Protect Residents Data from Federal Government
The California Senate recently moved forward with two new state bills that would create a database firewall between California and the federal government. One, S.B. 54, would prevent law enforcement agencies in California from sharing department databases or private information with the federal government for immigration enforcement and would require state agencies to update their confidentiality polices so that they stop collecting or sharing unnecessary data about every Californian. Another, S.B. 31, would prevent local and state government agencies from collecting data, sharing data, or using resources to participate in any program that would create a registry of people based on their religion, ethnicity, or national origin.
We Want a Copyright Office that Serves the Public
The Copyright Office, and those who lead it, should serve the public as a whole, not just major media and entertainment companies. In comments to the leadership of the House Judiciary Committee this week, we told Congress that if it restructures the Copyright Office, it has to put in safeguards against the agency becoming nothing more than a cheerleader for large corporate copyright holders.
Federal Court Says Public Safety Laws Can Be Locked Behind Paywalls
Everyone should be able to read the law, discuss it, and share it with others, without having to pay a toll or sign a contract. Unfortunately, a federal district court has recently said otherwise, ruling that private organizations can use copyright to control access to huge portions of our state and federal laws. In its ruling, the court ordered Public.Resource.Org—which posts public documents, including regulations created through private standards organizations and later made into law—to stop providing public access to these key legal rules.
Copyright Alert System Closure Leaves Questions
The Copyright Alert System has called it quits, but questions remain about what, if anything, will replace the private agreement between several large Internet service providers (ISPs) and big media and entertainment companies. That agreement allowed the media and entertainment companies to monitor those ISPs' subscribers' peer-to-peer network traffic for potential copyright infringement, and imposed penalties on subscribers accused of infringing. EFF had serious concerns with the program from the start, and we welcome its retirement. But we’re not celebrating just yet.
An Unsatisfying Update on Operation Choke Point
EFF recently received dozens of pages of documents in response to a FOIA request we submitted about Operation Choke Point, a Department of Justice project to pressure banks and financial institutions into cutting off service to certain businesses. While Operation Choke Point was purportedly aimed at shutting down fraudulent online payday loan companies, we became concerned that this campaign could also affect legal online businesses. Unfortunately, the response from the Department of Justice leaves many questions unanswered.
Issue 714 continued in next post
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 714 - Pg 2 of 2
miniLinks
Judges Split on Data Stored Abroad
A federal judge has ordered Google to turn over users' emails stored in servers located abroad in compliance with search warrants, despite the fact that a federal court said last year that Microsoft did not have to turn over data stored abroad, Reuters reports.
Behind the Scenes at the FBI
The Intercept does a deep dive into the largely-unknown rules governing the FBI.
Cyber Executive Order Delayed
President Donald Trump delayed the signing of an executive order that was reportedly aimed at bolstering the federal government's cybersecurity protections, according to Bloomberg.
Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 715
Tell Congress to Protect Our Online Privacy Rights
Records of your online activity reveal a tremendous amount about you. That's why the FCC put in place critical broadband privacy protection rules late last year to protect your right to privacy online. Now, some members of Congress are looking to completely erase those rules and let your Internet service provider sell information about what you look at, what your purchase, and who you talk to online.
If that weren't enough, the method Congress would use -- passing a Congressional Review Act resolution -- would effectively permanently ban the FCC from ever writing new privacy rules. Because of the current legal landscape, the Federal Trade Commission is already barred from policing Internet service providers. So if Congress repeals the rules, there will be no federal cop on the beat for Internet privacy, and your sensitive Internet activity could be sold to the highest bidder.
We're Halfway to Encrypting the Web
The movement to encrypt the web has reached a milestone. As of earlier this month, approximately half of Internet traffic is now protected by HTTPS. In other words, we are halfway to a web safer from the eavesdropping, content hijacking, cookie stealing, and censorship that HTTPS can protect against.
Mozilla recently reported that the average volume of encrypted web traffic on Firefox now surpasses the average unencrypted volume. Google Chrome’s figures on HTTPS usage are consistent with that finding, showing that over 50% of of all pages loaded are protected by HTTPS across different operating systems.
Our goal is a universally encrypted web. Until then, we have more work to do. Protect your own browsing and websites with tools like HTTPS Everywhere and Certbot, and spread the word to your friends, family, and colleagues to do the same. Together, we can encrypt the entire web.
Lawmakers Call for Warrants for Cell-Site Simulators
A new bipartisan report from U.S. lawmakers showcases troubling details about police abuse of cell-site simulators and calls on Congress to pass laws ensuring that this powerful technology is only deployed with a court-issued probable cause warrant.
EFF has long opposed law enforcement’s use of cell-site simulators as incompatible with the protections of the Fourth Amendment because they indiscriminately gather information on countless innocent people who have the misfortune of being in the vicinity of a suspect target. They also disproportionately burden minority communities.
Unless and until cellular technology evolves beyond the vulnerability that makes cell-site simulators possible, we’re advocating for strong regulation, transparency, and public oversight of the use of such technology by law enforcement. Accordingly, we applaud the report from Reps. Jason Chaffetz and Elijah Cummings, which provides new information to the public about these shadowy tools and recommends important privacy safeguards.
EFF Updates
Sen. Wyden Stands up for Fourth Amendment at the Border
This week Sen. Wyden sent a letter to Homeland Security Secretary John Kelly announcing plans to introduce legislation that would require law enforcement agencies to obtain a warrant before searching the data on digital devices at the border. We have been arguing for a while that the Fourth Amendment requires a warrant based on probable cause for border searches of cell phones, laptops, and other mobile devices, and we applaud Wyden for trying to “guarantee that the Fourth Amendment is respected at the border.”
EFF Tells Copyright Office: Safe Harbors Work
The “notice-and-takedown” process for addressing online copyright infringement isn’t perfect: it’s often abused to remove lawful speech from the Internet. But it many cases this process works pretty well, particularly because of the safe harbors that protect Internet services that comply with the law. EFF submitted comments to the Copyright Office this week arguing that safe harbors help protect the Internet as a viable and accessible platform for free expression and innovation, ensuring that online platforms are encouraged to experiment with new forms of communication and connection without threat of costly legal action.
Microsoft's Fight Over Government Requests for Data Moves Ahead
A federal court in Seattle recently allowed Microsoft to move ahead with its challenge to the law that lets courts impose indefinite gag orders on Internet companies when they receive requests for customer data. It’s an important ruling, with implications for a range of government secrecy provisions, including national security letters. Unfortunately, the court also dismissed Microsoft’s Fourth Amendment claim on behalf of its users.
San Diego Police Targeted African American Children for Unlawful DNA Collection
Police in San Diego, California unlawfully stopped a group of African American children and collected their DNA to add to the department's DNA database, according to a lawsuit filed recently by the ACLU Foundation of San Diego & Imperial Counties on behalf of one of the families affected. The police department's actions, as alleged in the complaint, illustrate the severe and very real threats to privacy, civil liberties, and civil rights presented by granting law enforcement access to our DNA.
Government Malware Goes After Mexican Public Health Advocates
A group of Mexican nutrition policy makers and public health workers have been the latest targets of government malware attacks. According to The New York Times, several public health advocates were targeted by spyware developed by NSO Group, a surveillance software company that sells its products exclusively to governments. The targets were all vocal proponents of Mexico’s 2014 soda tax—a regulation that the soda industry saw as a threat to its commercial interests in Mexico.
Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 716
EFF's How-To Guide to Privacy at the Border
Increasingly frequent and invasive searches at the U.S. border have raised questions for those of us who want to protect the private data on our computers, phones, and other digital devices. In response, EFF has released a guide to give travelers the facts they need in order to prepare for border crossings while protecting their digital information.
“Digital Privacy at the U.S. Border” helps everyone do a risk assessment, evaluating personal factors like immigration status, travel history, and the sensitivity of the data you are carrying. Assessing your risk factors helps you choose a path to proactively protect yourself, which might mean leaving some devices at home, moving some information off of your devices and into the cloud, or using encryption. In addition to the full report, EFF has also created a pocket guide for helping people concerned with data protection.
According to EFF Senior Staff Attorney Adam Schwartz, “The border is not a Constitution-free zone, but sometimes the rules are less protective of travelers and some border agents can be aggressive." Schwartz called for "clearer legal protections for everyone, but in the meantime, our report and pocket guides aim to put more power back into the hands of travelers.”
U.S. Court: Foreign Governments Can Remotely Harm Americans
A federal court held in a recent ruling that foreign governments are free to spy on, injure, or even kill Americans in their own homes--so long as they do so by remote control.
The decision comes in a case about a U.S. citizen whose family home computer was attacked by malware that captured and then sent his every keystroke and Skype call to a server controlled by the Ethiopian government, likely in response to his political activity in favor of democratic reforms in Ethiopia.
The U.S. Court of Appeals for the District of Columbia Circuit ruled that the citizen had no legal remedy against Ethiopia for this attack, despite the fact that he was wiretapped at home in Maryland. The court held that, because the Ethiopian government hatched its plan in Ethiopia and its agents launched the attack that occurred in Maryland from outside the U.S., a law called the Foreign Sovereign Immunities Act prevented U.S. courts from even hearing the case.
Under this decision, you have no recourse under law if a foreign government hacks into your car and drives it off the road, targets you for a drone strike, or even sends a virus to your pacemaker, as long as the government planned the attack on foreign soil.
Congress Is About to Let Your ISP Get Creepier
If Congress moves ahead with plans to repeal the FCC's broadband privacy rules, your ISP will be able to do more and creepier things to you when you go online.
In addition to selling information about what you do and who you talk to online--which is already creepy enough--your ISP would also be able to hijack your searches so that you go directly to certain websites instead of seeing your search results. Your ISP would also be able to use new ways to track your every move online to place targeted ads in front of you. This could include injecting ads into your traffic based on your browsing history and injecting undetectable, undeletable tracking cookies in all of your HTTP traffic. It could also result in mobile carriers pre-installing software on your phone to track your Internet activity.
ISPs are telling Congress that this move won't really affect consumers, but we know that's not true. Congress repealing these privacy rules would leave Internet users with no protection at the federal level from the creepy things their ISPs want to do to them.
Call your lawmakers today to tell them to oppose this effort to kill the FCC's privacy rules.
EFF Updates
The Supreme Court's Dissapointing Diaper Patent Ruling
The U.S. Supreme Court recently issued a disappointing ruling in a case over a patent on adult diapers that makes it easier for patent trolls to bring lawsuits long after the alleged infringement supposedly started. The 7-1 decision will allow trolls to sit around while others independently develop and build technology. The troll can then jump out from under the bridge and demand payment for work it had nothing to do with.
EFF Presents the 2017 Foilies
In honor of Sunshine Week earlier this month, EFF compiled the third-annual "Foilies," our anti-awards identifying the times when access to information has been stymied or when government agencies have responded in the most absurd ways to records requests. Highlights include current Vice President Mike Pence's use of a private AOL email account to conduct official business as Indiana governor, the Public Health Agency of Canada's use of tape and paper to redact information in documents sent to a journalists, and a local California police department's tactic of spreading fake news.
Don't Let Big Pharma, Big Content Control Domain Seizures
Domain seizure by the U.S. Department of Homeland Security's Immigration and Customs Enforcement is already a messy and imperfect system. Take, for example, the recent seizure of vicodin.com despite the fact that it belongs to the manufacturer and registered trademark holder for Vicodin. But domain seizure by private companies, a plan being pushed by Big Pharma and Big Content, will likely result in the number of mistaken domain seizure skyrocketing, and victims will likely have even less recourse than they have against a government seizure.
Payment Processors Acting as Online Censors
Adult social network FetLife has lost its ability to process credit card payments in the latest attempt from payment processors to censor sites when they dislike those sites' constitutionally protected speech. The ban appears to have come down from one of the credit card networks, which shut down both of the merchant accounts that FetLife used to process payments, justifying this to one merchant with complaints about "blood, needles, and vampirism" on the website, and to the other with the vague explanation of "illegal or immoral reasons".
Maryland Moves to Reclaim University Innovation from Trolls
Maryland is considering legislation that would keep public universities from selling or licensing their patents to patent assertion entities whose sole business model is threatening other innovators with patent lawsuits. The bill being considered in Maryland is modeled after draft legislation written as part of Reclaim Invention, a campaign from EFF and partner organizations to encourage universities across the country to commit to adopting patent policies that advance the public good.
California Bill Would Keep Kids Online
Youth in California's juvenile detention and foster care programs should have secure and supervised access to the Internet. That's why EFF is supporting a new state bill to establish that youth in custody have a right to “reasonable access to computer technology and the Internet for the purposes of education and maintaining contact with family and supportive adults" and to establish the right of youth in foster care to have access to computers and the Internet.
miniLinks
Trump Administration Enacts Device Ban on Planes
The Trump administration has prohibited passengers traveling on direct inbound flights from airports in 10 Muslim-majority countries from carrying on devices larger than a cell phone.
Twitter Sees Increase in Government Requests for Data
In its newest transparency report, Twitter said it saw a 7 percent increase in government requests for data during the second half of 2016.
Google, Jigsaw Offer Cyber Defense Tools to Election Groups
Google and sister company Jigsaw are expanding their free cyber defense toolkit to civic groups and election organizers in the wake of recent high profile hacks, including the DNC's data breach during the 2016 election.
Reproduction of this publication in electronic media is encouraged. MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 4/1/2017
EFF Updates
Surveillance Oversight Committees Confused ‘Oversight’ and ‘Overlook’
The bipartisan leaders of the House and Senate Intelligence Committees apologized during a press conference this morning for failing to provide rigorous supervision of the intelligence community, blaming past years’ inaction on a fundamental misunderstanding of the word “oversight.” “It was merely a miscommunication,” House Intelligence Chairman Devin Nunes said. “We had mixed up the word ‘oversee’ and the word ‘overlook.’ We thought we were supposed to overlook the mistakes of the intelligence community, not provide oversight.” Senate Intelligence Committee Richard Burr said, “We unequivocally condone the privacy invasions committed by U.S. intelligence agencies. Oh shoot, I mean condemn.”
European Union Announces Plan for Privacy Wall Around U.S.
European Union Commissioner for Justice Vera Jourova announced plans today to permanently protect Europeans’ data from U.S. government spying with the newest transnational data agreement: Privacy Wall. Once approved by the European Commission, the EU will begin constructing a thirty-foot wall around the United States. Only U.S. tech companies that comply with EU privacy restrictions and prohibit U.S. government access to their data will be given fiber optic grappling hooks to transport Europeans’ data across the Atlantic, over the wall, and back to their U.S.-based servers. U.S. lawmakers appeared unfazed by U.S. companies’ complaints that Privacy Wall will effectively kill their business abroad, but they responded to alarm bells raised by officials in the intelligence community who are concerned about losing generalized access to Europeans’ data.
In Major Mix-Up, Oscars for Best Film Goes to Most Torrent-ed Movie
The Academy Awards suffered an astounding embarrassment this week when presenters Alfonso Ribeiro and Mayim Bialik incorrectly handed out the Oscar for Best Film to the most-frequently torrent-ed movie of 2016, Deadpool, instead of the actual winner, Moonlight. Hollywood is blaming the mistake on accounting firm PricewaterhouseCoopers, which is responsible for guarding the envelopes containing names of both Oscars winners and TorrentFreak’s list of most frequently torrent-ed films. Having been left off the list of Best Film nominees all together, Deadpool director Tim Miller and lead actor Ryan Reynolds were not in attendance at Sunday night’s Oscars, giving Kanye West time to take the stage and correct the mistake.
FBI Seeks Technical Backdoor to Un-Mute iPhones
Frustrated by silence on conference calls, the FBI is asking Apple to provide a backdoor so that the agency can un-mute iPhones across the world without the iPhone users’ consent. “It’s incredibly frustrating when you’re waiting for someone to chime in on a conference call, and they’re still on mute,” FBI Director Jim Comey said at a press conference today. Comey appeared unmoved by arguments from technology and civil liberties advocates that creating a backdoor into all iPhones would undermine the privacy and security of tens of millions of technology users around the world. “Our work to protect this country’s national security is too important to wait the seconds it takes for our analysts to unlock and un-mute their phones,” Comey said. When asked if the FBI was seeking a similar accommodation from Android-developer Google, Comey at first laughed, but quickly sobered and asked “wait, people still use Android?”
EFF Releases Surveillance Self Defense for In-Person Meetings
EFF is out with an updated Surveillance Self Defense guide today that includes, for the first time, security tips for in-person meetings. Highlights include recommendations for verifying a person’s identity, evading facial recognition systems, and circumventing censorship. For instance, you should have anyone you meet print off their public PGP key on red paper, fold that paper into the shape of a flower, and pin that paper flower to their label. Additionally, the guide recommends drawing Kiss-style shapes on your face with eyeliner to protect yourself from facial recognition technology and constantly carrying around a bullhorn so you can shout louder than anyone trying to limit your free speech.
EFF Gives Posthumous Lifetime Achievement Pioneer Award to Perfect 10
EFF is awarding a 2017 Pioneer Award to recently-defunct men’s magazine and prodigious copyright-litigation-loser, Perfect 10. EFF established the Pioneer Awards in 1992 to recognize leaders on the electronic frontier who are extending freedom and innovation in the realm of information technology. The awards celebrate those who have contributed substantially to the health, growth, accessibility, or freedom of computer-based communications. Perfect 10 is receiving a posthumous lifetime achievement Pioneer Award this year for its cutting-edge strategy of losing copyright lawsuits in order to advance the doctrine of fair use. After losing cases against Amazon, Google, CCBill, and Megaupload, Perfect 10 was finally liquidated in March of this year to satisfy a litigation debt to yet another victorious defendant, Giganews. We salute Perfect 10’s dozen-year campaign to help make the Internet more free by consistently losing in court. Bravo!
Intelligence Community Unveils Emotional Vulnerabilities Program
Director of National Intelligence Dan Coats today revealed a new program by which the U.S. Intelligence Community will, when appropriate, disclose information about emotional vulnerabilities it discovers in the course of its national security work. Building off of the widely celebrated success of the vulnerabilities equities process (which still exists, we think?), U.S. intelligence agencies will begin sharing and sometimes publishing information about the personality quirks it discovers as it conducts surveillance of law-abiding Americans. “We hope to make the country more secure by letting people know that their roommate has arachnophobia, their brother is addicted to tanning beds, and their mother has a fear of being abandoned by her children,” said Coats after flinching away from a pigeon that wasn’t even flying toward the DNI.
miniLinks
White House Supports Day without a (Internet) Troll
Following the success of the Day Without a Woman general strike in March, the White House has thrown its support behind today’s Day without a Troll strike, during which all Internet trolls will disappear from comment sections and forums online.
Comcast to Assimilate with the Borg
Looking to increase its market share, nationwide reach, and overall reputation for evil, the Borg has announced that it is assimilating broadband giant Comcast. “This merger will benefit consumers and boost broadband competition, and the federal government should quickly approve it,” Comcast’s David Cohen said in a statement. “Plus, resistance is futile.”
White House Releases Diceware Passphrase List
In an attempt to demonstrate President Donald Trump’s tech savvy, the White House has released a list of suggested words to use when attempting to create a secure passphrase. "Our list has the best words," said White House Press Secretary Sean Spicer. "Words like tremendous, disaster, MAGA, big-league, low-energy, beautiful, and winning. Sad!"
FBI Director Acknowledges Secure Backdoors Are Impossible
FBI Director Jim Comey said today that his agency, agreeing with technical experts, has officially concluded that it is impossible to create a backdoor into encrypted technologies without undermining users’ security. Nope, even that’s too ridiculous for an April Fool’s newsletter.
Reproduction of this publication in electronic media is encouraged. MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 718
May 2017
What You Need to Know About 'About' Searches
In most issues of EFFector, we give an overview of all the work we’re doing at EFF. Today, we’re doing a deep dive into a single issue: the NSA's recent announcement that it will no longer conduct "about" searches as part of its Upstream surveillance.
You may have seen the NSA in the news lately announcing that it will no longer use one of its most controversial surveillance techniques.
This is a win for privacy protections, for groups like EFF fighting unlawful surveillance in the courts, and for anyone who pushed for surveillance reform by signing a petition, contacting their lawmakers, or otherwise voicing their concerns about warrantless spying. But it’s only a first step.
So what exactly did the NSA say it would stop doing?
Late in the day on a Friday in April, The New York Times reported—and the agency quickly confirmed—that the NSA will no longer conduct “about” searches of the full content of Internet communications.
“About” searches are searches of online communications—including to and from innocent Americans—that the NSA runs after it intercepts and copies communications directly from the high-capacity cables that carry Internet traffic as a part of its Upstream program. The U.S. government has claimed these warrantless searches of Americans’ email are allowed under Section 702, enacted as part of the FISA Amendments Act, which is set to expire at the end of the year.
While the NSA will continue to look through the “to” and “from” fields of communication to see if they contain any identifiers that the agency has determined are connected to foreign intelligence targets, they will no longer look through the body of those communications to see if they mention—or are “about”—these identifiers. Not only did the NSA stop these searches, the agency said it would delete the “vast majority” of the information it collected under Section 702 “to further protect the privacy of U.S. person communications.”
The NSA has long defended these “about” searches as both necessary for national security and impossible to avoid due to the technical limitations of the Upstream program. In the NSA’s own announcement, it acknowledged that losing “about” searches would cost it “some other important data.”
The NSA’s willingness to give up what it has described as a crucial tool as well as go back and delete communications it has already collected was a welcome but somewhat shocking development.
But, as the NSA admitted, this decision was a result of “inadvertent compliance incidents,” or violations of court-imposed restrictions. In other words, the court tasked with overseeing the NSA’s surveillance programs told the NSA it shouldn’t be doing these privacy-invasive searches of Americans’ communications.
And that’s an argument we’re familiar with. For nearly a decade, EFF has argued in court that “about” searches and other searches and seizures of Americans’ communications without a warrant are unconstitutional. In a case currently in federal court—Jewel v. NSA—EFF is suing the NSA over “about” searches and other privacy-invasive aspects of Upstream surveillance under Section 702.
Despite prolonged stalling from the U.S. government, we’re in the process of finally getting some answers about how the NSA’s surveillance actually works. At the end of this week, we’ll be back in court to figure out just what information the government has to hand over as part of our lawsuit.
In addition to continuing to fight in the courts, EFF is calling on lawmakers to stand up for the privacy of their constituents as Congress considers reauthorizing Section 702 before it expires at the end of this year. These changes should include codifying the NSA’s announced end of “about” searches.
The breadth of these “about” searches was one of the reasons the NSA swept up so many innocent Americans’ communications, so the announced end of “about” searches is good news for anyone who wants government surveillance to follow the law. But there’s much more to be done to rein in unconstitutional spying.
Tell your representatives in Congress to protect their constituents’ privacy and let warrantless Upstream surveillance lapse when Section 702 sunsets at the end of the year. And stay up to date on EFF’s fight in court to end the government’s unlawful invasion of your privacy.
miniLinks
Global Ransomware Attacks Might Be Linked to North Korea, Researchers Say
Two cybersecurity firms say North Korea may be linked to the recent ransomware attack that has infected hundreds of thousands of computers around the world, according to Reuters.
FBI Director James Comey Ousted by Trump
President Donald Trump has fired FBI Director James Comey as the agency investigates whether Trump's advisers colluded with Russian officials during the 2016 campaign.
Pentagon Turns to AI to Fight ISIS
The Pentagon is turning to machine learning and videos filmed by drones in its efforts to fight ISIS, Defense One reports.
Reproduction of this publication in electronic media is encouraged. MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 720
June 2017
We're Suing the FBI for Records About Best Buy Geek Squad Informant
A federal case in California has revealed that the FBI has been working for several years to cultivate informants in Best Buy’s national repair facility in Brooks, Kentucky, including reportedly paying eight Geek Squad employees as informants. According to court records, the scheme would work as follows: customers with computer problems would take their devices to the Geek Squad for repair. Once Geek Squad employees had the devices, they would surreptitiously search the unallocated storage space on the devices for evidence of suspected child porn images and then report any hits to the FBI for criminal prosecution
We think the FBI’s use of Best Buy Geek Squad employees to search people’s computers without a warrant threatens to circumvent people’s constitutional rights. That’s why we filed a Freedom of Information Act (FOIA) lawsuit against the FBI seeking records about the extent to which it directs and trains Best Buy employees to conduct warrantless searches of people’s devices.
EFF has long been concerned about law enforcement using private actors, such as Best Buy employees, to conduct warrantless searches that the Fourth Amendment plainly bars police from doing themselves. The key question is at what point does a private person’s search turn into a government search that implicates the Fourth Amendment.
Despite Transparency Promises, Intel Agencies Won't Give Congress Info on Spying Law Impact
Lawmakers should know how the laws they pass impact their constituents. That’s especially true when the law would reauthorize a vast Internet and telephone spying program that collects information about millions of law-abiding Americans.
But that’s exactly what the Intelligence Community wants Congress to do when it considers reauthorizing a sweeping electronic surveillance authority under the expiring Section 702, as enacted by the FISA Amendments Act, before the end of the year.
Intelligence officials have been promising Congress they would provide lawmakers with an estimate of the number of American communications that are collected under Section 702. That estimate is a critical piece of information for lawmakers to have as they consider whether and how to reauthorize and reform the warrantless Internet surveillance of millions of innocent Americans in the coming months.
But during a hearing on Section 702 in front of the Senate Intelligence Committee, Director of National Intelligence Dan Coats, despite previous assurances, said he won’t be providing that estimate out of national security and, ironically, privacy concerns.
Questions on Printer Dot Tracking after Arrest of NSA Leaker
EFF's work on a secret tracking code embedded in many printed documents is back in the news, as journalists and experts have recently focused on the fact that a scanned document published by The Intercept contained tiny yellow dots. Those dots allow the document's origin and date of printing to be ascertained, which could have played a role in the arrest of Reality Leigh Winner, accused of leaking the document.
EFF has previously researched this tracking technology at some length; our work on it has helped bring it to public attention, including in a somewhat hilarious video.
While this tracking technology is pervasive in color laser printers--thanks to secret agreements between governments and the printer industry--it's quite possible that printer dots did not play any role in this investigation at all. However the government identified its suspect in this case, it's worth remembering that forensic techniques are very powerful and can often reveal the origins of documents in unexpected ways.
EFF Updates
A Day of Action to Save Net Neutrality
Net neutrality is under assault once again, with the Federal Communications Commission looking to reverse the legal underpinnings of its 2015 rules that keep ISPs from blocking or slowing customers' access to certain websites and services. It’s our Internet, and we will defend it. If you remember the censor bar of the online protests opposing SOPA in 2012 or the spinning wheel of Internet Slowdown Day in 2014, you know that the Internet can rise up and force regulators to listen in times of great need. Now is such a time. Mark your calendars for a day of digital protest on July 12.
EFF Asks Court to Dismiss Terrorism Claims Against Twitter
Holding Twitter responsible for users' discussions of terrorist activities would threaten the First Amendment as well as legal protections for Internet platforms, EFF recently told a federal court. In a brief filed to the U.S. Court of Appeals for the Ninth Circuit, we argued that Twitter should not be held legally responsible for providing material support to terrorists by providing accounts to users who discussed and promoted terrorism. Finding Twitter responsible would impede on the First Amendment right of Internet users to access unpopular speech, the First Amendment right of Twitter to publish unpopular speech, and Section 230, as enacted by the Communications Decency Act, which protects Internet platforms from being held responsible for their users' actions.
Federal Circuit Hits Stupid Patent Owner With Fee Award
Patent litigation abuse thrives when patent trolls can force defendants into making a hard choice: pay the troll (even though the claim is absurd) or potentially pay even more to your lawyers to fight the case in court. This week, the Federal Circuit issued an encouraging ruling that will make it harder to use this gambit. Overturning a contrary decision by the patent-friendly Eastern District of Texas, the appellate court required a notorious patent troll that appears to be practicing this model to pay the defendant’s attorney’s fees. This case should make it at least a little bit easier easier for defendants to choose not to pay the troll.
Comcast Continues to Fight Net Neutrality Protections
If you've been following the network neutrality debate at all, you've probably seen Comcast's campaign to rewrite its long history of opposing net neutrality protections. But the company's own statements to Congress, the FCC, and to the courts make Comcast's true goal abundantly clear: free rein to use its market power to become an Internet gatekeeper. Despite their recent public statements in support of the idea of net neutrality, Comcast has repeatedly pushed back on rules that would protect Internet users' ability to do what they want online.
Supreme Court Takes Up Cell Phone Tracking Case
The Supreme Court has said it will take up a cell phone tracking case, giving the court the chance to apply Fourth Amendment privacy protections to cell phone location data. The case, United States v. Carpenter, involves long-term, retrospective tracking of a person’s movements using information generated by his cell phone and gives the court an opportunity to continue its recent pattern of applying Fourth Amendment protections to sensitive digital data. It may also limit or even reevaluate the so-called “Third Party Doctrine,” which the government relies on to justify warrantless tracking and surveillance in a variety of contexts. EFF filed an amicus brief urging the Supreme Court to take Carpenter and a related case, so we’re hopeful the Court will rule in favor of strong constitutional protections.
The State Department's Plan to Search Visa Applicants' Social Media Accounts
EFF, the Brennan Center for Justice and others are joining forces to oppose yet another federal program to scrutinize the social media accounts of foreign visitors to the United States. Specifically, in an attempt to uncover would-be terrorists, the U.S. State Department has empowered consular officials to ask visa applicants who raise preliminary suspicions to disclose the existence of the social media accounts, and the identifiers or handles associated with those accounts, that the applicants have used over the past five years. These proposals threaten the digital privacy and freedom of expression of innocent foreign travelers, and the many U.S. citizens who communicate with them.
miniLinks
Continues next post.
Reproduction of this publication in electronic media is encouraged.
MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
EFF
Issue #720
June 2017
Continued:
miniLinks
First Amendment Group Criticizes Trump for Twitter Blocking.
The Knight First Amendment Institute has written to President Donald Trump, warning him that his blocking of Twitter users on his @realDonaldTrump account could violate the Constitution's free speech protections.
U.S. Lawmakers Look at WannaCry Attacks.
A House committee will hold a hearing this week on the global WannaCry ransomware attacks last month.
'The Long, Lonely Road of Chelsea Manning'.
Following her recent commutation, The New York Times Magazine profiles Chelsea Manning, including her decision to disclose classified information in 2010 and the resulting time she spent in prison.
Reproduction of this publication in electronic media is encouraged.
MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: See Newsletter as webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 721
July 2017
Tell Congress: End Warrantless Spying, Don't Make it Permanent
Lawmakers are getting serious about renewing the U.S. government’s Internet spying powers, so we need to get serious about stopping their bad proposals.
Sen. Tom Cotton has introduced legislation that would not just reauthorize, but make permanent the expiring measure that the government says justifies the warrantless surveillance of innocent Americans’ online communications. That measure is Section 702, as enacted by the FISA Amendments Act. Cotton's bill (S. 1297) is supported by several Republicans in the Senate, including Senate Intelligence Chairman Richard Burr and Sens. John Cornyn, John McCain, and Lindsey Graham.
Section 702 surveillance violates the privacy rights of millions of people. This warrantless spying should not be allowed to continue at all, let alone be made permanent as is. Luckily, there’s already opposition to the proposal. Sen. Dianne Feinstein--whose defense of warrantless surveillance has historically been sympathetic to the intelligence community--has said she can not support a bill that makes Section 702 permanent.
Now we need other members of Congress to take the same stand. We cannot let lawmakers ignore our privacy concerns and their own responsibility to review surveillance law, and our lawmakers need to hear that. Sign our petition today and tell Congress to oppose S. 1297 and the permanent reauthorization of Section 702 spying.
Stand Up for Net Neutrality on July 12
With net neutrality rules on the line, we need to give the world an idea of what the Internet will look like if the FCC goes forward with its plan to dismantle open Internet protections.
Less than two years after the FCC finally adopted a legally viable Open Internet Order, and less than one year after the courts finally upheld real net neutrality protections, the new FCC Chair, Ajit Pai, has put those protections on the chopping block. If he succeeds, broadband service providers will be free to create Internet fast lanes for those who can afford them--meaning slow lanes for anyone who can’t pay to play, like startups offering innovative services, not to mention libraries, schools, and nonprofits. They will also be free to steer you to the content they choose--often without you knowing it.
We can't let that happen. On July 12, EFF is joining a huge coalition of nonprofits and companies in a day of action to stand up for net neutrality. One simple way that organizations, companies, and even individuals can participate is to install our widget. If you’ve installed the widget on your website, then on July 12, visitors will be greeted with an alarming preview of the Internet without net neutrality protections. This widget will send a clear message to your site’s visitors: giving up protections for net neutrality will give ISPs a frightening amount of control over your Internet experience.
The Supreme Court Decision Saving Small Businesses from Bad Patents
Three years ago, the Supreme Court ruled that an abstract idea does not become eligible for a patent simply by being implemented on a generic computer. Since then, the ruling--Alice v. CLS Bank--has provided a lifeline for real businesses threatened or sued with bogus patents.
On the third anniversary of Alice, EFF is launching a new series called Saved by Alice where we’ll collect these stories of times when Alice came to the rescue. Over the next few weeks, we’ll be sharing stories of business owners large and small. These stories all have one thing in common: someone with a patent on an abstract idea sued a small business, and that business could have lost everything. But Alice saved the day.
But now Alice is under attack. A few loud voices in the patent lobby want to amend the law to bring back these stupid patents. It’s time to tell the stories of the individuals and businesses that have been sued or threatened with patents that shouldn’t have been issued in the first place.
EFF Updates
Zillow Threatens Architecture Humor Blog
Real estate site Zillow sent an aggressive cease and desist letter to architecture humor blogger Kate Wagner, demanding that Wagner remove from her website, McMansion Hell, any image originally sourced from Zillow’s site. EFF responded on Wagner's behalf with a letter explaining why none of Zillow’s contentions had merit. Faced with real opposition, Zillow quickly withdrew its threat and said it won't be seeking to take down any of the posts on McMansion Hell. We hope that other companies seeking to shut down humor, criticism, and parody online see this as a cautionary tale and avoid sending threats in the first place.
Antitrust Laws Won't Cut it for Net Neutrality Protections
U.S. antitrust law is not up to the challenge of protecting the open Internet and is not an adequate substitute for the FCC's net neutrality rules. Antitrust law is an economic doctrine that gives little if any weight to freedom of expression and other noneconomic values secured by net neutrality. If a practice is not clearly harmful to competition--a definition that is narrower than most people think--it does not matter how much that practice represses speech, distorts access to knowledge, or intrudes on privacy. Nor does antitrust law address the "gatekeeper" problem posed by an ISP's control over your conduit to information. Opponents of net neutrality may say otherwise, but antitrust lawyers can't protect the open Internet. We need Title II, and those who care about net neutrality need to defend it.
When Secret Investigations Aren't So Secret
The government should not be allowed to impose gag orders on information that is already publicly known. EFF led a group of civil society organizations in filing a brief in an alarming case pending in federal court that centered around an investigation of private Facebook content earlier this year. Facebook has described the investigation as "known to the public," and the timing and venue match the January 20th, 2017 Presidential Inauguration protests (known as “J20”). Our brief demands that the court apply a stringent constitutional test before enforcing gag orders accompanying a number of secret search warrants. It also argues that the First Amendment rarely, if ever, allows gag orders in such cases, where the government seeks to limit public scrutiny of high-profile and potentially politicized investigations.
Canada's Supreme Court Allows Global Censorship
A country has the right to prevent the world’s Internet users from accessing information, according to Canada's highest court. In a decision late last month that has troubling implications for free expression online, the Supreme Court of Canada upheld a company’s effort to force Google to de-list entire domains and websites from its search index, effectively making them invisible to everyone using Google’s search engine. The court ignored concerns expressed by EFF and others that forcing Google to globally de-list would expand the power of any court in the world to edit the entire Internet, whether or not the targeted material or site is lawful in another country. Instead, it ruled that because Google was subject to the jurisdiction of Canadian courts by virtue of its operations in Canada, courts in Canada had the authority to order Google to delete search results worldwide.
Reproduction of this publication in electronic media is encouraged. MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
EFF Issue #721 Pg.2
Copyright Offices Leaves Fundamental Flaws in DMCA 1201 Untouched
The U.S. Copyright Office is passing up the chance to reverse course on an especially restrictive offshoot of copyright law. The Office just released a long-awaited report about Section 1201, the law that blocks everything from video remix, to security research, to repair of electronic devices. The law broadly bans the circumvention of digital restrictions on copyrighted works without adequately preserving the rights you have to use copyrighted works, leading to massive unintended consequences. It takes power from end-users and gives it to manufacturers and publishers to control the use of your computing devices and even hide spyware and security vulnerabilities from you. Despite years of evidence that the social costs of the law far outweigh any benefits, the Copyright Office is mostly happy with the law as it is and commends the 'control' it offers to rightsholders. The Office does recommend that Congress enact some narrow reforms aimed at protecting security research, repair activities, and access for people with disabilities. We’re disappointed the Office didn’t take a stronger stance to rein in a law that has gone far beyond copyright's traditional sweep to the detriment of research, innovation, and speech.
Small ISPs Rally Behind Net Neutrality Rules
As FCC Chairman Ajit Pai tries to dismantle net neutrality protections, often citing alleged harm the rules have caused to ISPs, dozens of small ISPs are coming to the rules' defense. In a recent letter, more than 40 ISPs told the FCC that they have had no problem with the Open Internet Order and that it hasn't hurt their ability to develop and expand their networks. What is more, they want the FCC to do its job and address the problem Congress created when it repealed the broadband privacy rules in March. These ISPs are taking a stand for network neutrality because they know Chairman Pai's plan will hurt them as well as their subscribers.
Still Standing with Diego
A few weeks ago, we joined the global open access community in celebrating that Diego Gomez had finally been cleared of criminal charges for sharing scientific research over the Internet without permission. Unfortunately, the fight is not over yet. The ruling has been appealed to the Tribunal de Bogota, a Colombian appellate court. The Karisma Foundation, a Colombian NGO that has been coordinating Diego’s legal defense, has now launched a campaign to raise money for this expensive next step of Diego’s defense. EFF is proud to stand with Karisma and Diego.
miniLinks
Girl Scouts Roll Out Cybersecurity Badges
The Girl Scouts of the U.S.A. are introducing 18 new badges aimed at teaching the organization's young women about cybersecurity threats.
Orange is the New Hack
Variety takes a look at how a post-production sound company's data security gaps led to the leak of Netflix hit "Orange is the New Black."
U.S. Voter Data Exposed by Data-Mining Firm
Cybersecurity analysts say a Republican data-mining firm inadvertently made public information about nearly 200 million U.S. voters
Reproduction of this publication in electronic media is encouraged. MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 722nd
Aug 2017
Who Has Your Back?
While many technology companies continue to step up their privacy game by adopting best practices to protect sensitive customer information when the government demands user data, telecommunications companies are failing to prioritize user privacy when the government comes knocking. Even tech giants such as Apple, Facebook, and Google can do more to fully stand behind their users.
EFF's seventh annual “Who Has Your Back” report digs into the ways many technology companies are getting the message about user privacy in this era of unprecedented digital surveillance.
We evaluated the public policies at 26 companies and awarded stars in five categories, with nine companies earning a perfect five-star score this year: Adobe, Credo, Dropbox, Lyft, Pinterest, Sonic, Uber, Wickr, and Wordpress. Each has a track record of defending user privacy against government overreach and improved on their practices to meet the more stringent standards in this year's Who Has Your Back.
AT&T, Comcast, T-Mobile, and Verizon scored the lowest, each earning just one star. While they have adopted a number of industry best practices, like publishing transparency reports and requiring a warrant for content, they still need to commit to informing users before disclosing their data to the government and creating a public policy of requesting judicial review of all National Security Letters.
Tell Congress: We Want Trade Transparency Reform Now!
The failed Trans-Pacific Partnership (TPP) was a lesson in what happens when trade agreements are negotiated in secret. Powerful corporations can lobby for dangerous, restrictive measures, and the public can't effectively bring balance to the process. Now, some members of Congress are seeking to make sure that future trade agreements, such as the renegotiated version of NAFTA, are no longer written behind closed doors. We urge you to write your representative and ask them to demand transparency in trade.
Passage of this bill may be the best opportunity that we'll have to avoid a repetition of the closed, secretive process that led to the TPP. With the renegotiation of NAFTA commencing with the first official round of meetings in Washington, D.C. next month, it's urgent that these transparency reforms be adopted soon. You can help by telling your representative in Congress to support the bill in committee.
EFF Updates
Deciphering China's VPN Ban
Apple removed several Virtual Private Network (VPN) applications that allowed users to circumvent China's extensive Internet censorship apparatus from its Chinese mainland app store. In effect, the company has once again aided the Chinese government in its censorship campaign against its own citizens.
By locking down their devices, Apple can be forced to strip a feature—access to the full, global Internet—from its own products. When the manufacturer controls what kind of software you can have on your devices, it creates a single chokepoint for free expression and privacy.
Internet Censorship Bill Would Spell Disaster for Speech and Innovation
There's a new bill in Congress that would threaten your right to free expression online.
Don't let its name fool you: the Stop Enabling Sex Traffickers Act (SESTA, S. 1693) wouldn't help punish sex traffickers. What the bill would do is expose any person, organization, platform, or business that hosts third-party content on the Internet to the risk of overwhelming criminal and civil liability if sex traffickers use their services. For small Internet businesses, that could be fatal: with the possibility of devastating litigation costs hanging over their heads, we think that many entrepreneurs and investors will be deterred from building new businesses online.
Bassel Khartabil, In Memoriam
Bassel Khartabil—the Syrian open source developer, blogger, entrepreneur, hackerspace founder, and free culture advocate—has been executed by the Syrian authorities. Noura Ghazi Safadi, his wife, received confirmation of her husband's death by the Assad-led Syrian government this month.
We at EFF are heartbroken at the news of Bassel's unjust and unlawful killing. The single consolation is that Bassel, before and after his detention, inspired so many to join the cause he cared so much about.
Stupid Patent of the Month: HP Patents Reminder Messages
The Patent Office recently issued a patent to HP on reminder messages. It's yet another example of the Patent Office failing to consider real products when assessing prior art before issuing a patent. Set yourself a reminder message: this stupid patent on reminder messages will expire on December 16, 2035.
Throttling on Mobile Networks May Be a Sign of Things to Come
Major mobile carriers are slowing down video streams, a net neutrality violation that heralds things to come if they get their way and roll back legal protections against data discrimination.
Right now, these throttling technologies seem to be used to slow down video data generally, rather than to favor the ISP's content over competitors, but that reality may not be far off.
Without net neutrality protections, little will stop carriers from using that same throttling infrastructure to discriminate against competitors, speech they dislike, or your favorite app.
The Pregnancy Panopticon
There are a staggering number of applications for Android and iOS which claim to help people keep track of their monthly cycle, know when they may be fertile, or track the status of their pregnancy. These apps entice the user to input the most intimate details of their lives.
EFF and Gizmodo reporter Kashmir Hill have taken a look at some of the privacy and security properties of nearly twenty different fertility and pregnancy tracking applications.
After uncovering several privacy issues and security flaws, we conclude that while these applications may be useful and engaging, women should carefully consider the privacy and security tradeoffs before deciding to use any of these applications.
Librarians Call on W3C to Rethink its Support for DRM
The International Federation of Library Associations and Institutions (IFLA) has called on the World Wide Web Consortium (W3C) to reconsider its decision to incorporate digital locks (sometimes referred to as digital rights management or simply DRM) into official HTML standards.
The IFLA expressed concern that making it easier to impose tech-based protections against infringement without accommodating "legitimate uses of work" puts librarians and other professionals in legal danger when they come across DRM in the course of their work.
EFF is in the process of appealing W3C's controversial decision, and we're urging the standards body to adopt a covenant protecting security researchers from anti-circumvention laws.
Border Agents May Not Search Travelers’ Cloud Content
Border agents may not use travelers' laptops, phones, and other digital devices to access and search cloud content "regardless of whether those servers are located abroad or domestically," according to a new document by U.S. Customs and Border Protection published by NBC on July 12.
Much more must be done to protect travelers' digital privacy at the U.S. border. An excellent first step would be to enact Sen. Wyden's (D-OR) bipartisan bill to require border agents to get a warrant before searching the digital devices of U.S. persons.
Australian PM Calls for End-to-End Encryption Ban
When Australian Prime Minister Malcolm Turnbull stated that "[t]he laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia," he was rightly mocked for this nonsense claim.
A ban on end-to-end encrypted messaging in Australia would have no effect on law breakers, who would simply switch to apps that use strong end-to-end encryption. It would instead hurt ordinary citizens who rely on encryption to make sure that their conversations are private.
If enough countries go down the same misguided path, the future could be a new international agreement banning strong encryption. Indeed, the Prime Minister's statement is explicit that this is what he would like to see.
Newsletter continues as a webpage.
Reproduction of this publication in electronic media is encouraged.
MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 723.
8/25/2017.
Open Access Can’t Wait. Pass FASTR Now.
When you pay for federally funded research, you should be allowed to read it. That’s the idea behind the Fair Access to Science and Technology Research Act (S.1701, H.R.3427), which was recently reintroduced in both houses of Congress.
Under FASTR, every federal agency that spends more than $100 million on grants for research would be required to adopt an open access policy. The bill gives each agency flexibility to implement an open access policy suited to the work it funds, so long as research is available to the public after an "embargo period" of a year or less.
Part of what's important about open access is that it democratizes knowledge: when research is available to the public, you don't need expensive journal subscriptions or paid access to academic databases in order to read it.
FASTR is a huge step in the right direction and can be used as a foundation for stronger open access in the future.
.
Fighting Neo-Nazis and the Future of Free Expression.
On the Internet, any tactic used now to silence neo-Nazis will soon be used against others, including people whose opinions we agree with.
For any content hosts that do reject content as part of the enforcement of their terms of service, or are pressured by states to secretly censor, we have long recommended that they implement procedural protections to mitigate mistakes—specifically, the Manila Principles on Intermediary Liability.
In GoDaddy and Google's eagerness to distance themselves from American neo-Nazis, no process was followed. Policies give guidance as to what we might expect, and an opportunity to see justice is done. We should think carefully before throwing them away.
EFF Updates.
DOJ Backs Down From Overbroad J20 Warrant. But Problems Still Remain..
The government has backed down significantly in its fight with DreamHost about information related to the J20 protests. Late on Tuesday, DOJ filed a reply in its much publicized attempt to get the hosting provider to turn over a large amount of data about a website it was hosting, disruptj20.org—a site that was dedicated to organizing and planning protests in Washington, D.C. on the day of President Trump's inauguration.
In the brief, DOJ substantially reduces the amount of information it is seeking, including some of the most obvious examples of overreach.
2017 Pioneer Award Winners Named.
EFF announced recently that whistleblower and activist Chelsea Manning, Techdirt editor and open internet advocate Mike Masnick, and IFEX executive director and global freedom of expression defender Annie Game are the distinguished winners of the 2017 Pioneer Awards, which recognize leaders who are extending freedom and innovation on the electronic frontier.
The award ceremony will be held on September 14 in San Francisco. The keynote speaker is Emmy-nominated comedy writer Ashley Nicole Black, a correspondent on Full Frontal with Samantha Bee who uses her unique comedic style to take on government surveillance, encryption, and freedom of information.
Thai Activist Jailed for the Crime of Sharing an Article on Facebook.
Thai activist Jatuphat "Pai" Boonpattaraksa was sentenced recently to two and a half years in prison—for the crime of sharing a BBC article on Facebook. The Thai-language article profiled Thailand's new king and, while thousands of users shared it, only Jutaphat was found to violate Thailand's strict lese majeste laws against insulting, defaming, or threatening the monarchy.
Jatupat's case is only the latest in the Thai government's increasingly repressive and arbitrary attempts to chill expression online and censor content critical of the state.
Congress is at Home, So Pay Your Members a Visit.
Members of Congress go back to their home districts in August. Constituents can request meetings with them during this time by contacting their local congressional offices. If you do so with a few local allies, you'll likely be able to meet with staffers and perhaps even your member of Congress directly.
With so many issues vital to digital rights looming in the congressional calendar, this August is a critical time for Internet users to pressure Congress to do the right thing on mass surveillance, net neutrality, and rules that insulate platforms for liability based on content written by users.
How Captive Portals Interfere With Wireless Security and Privacy..
If you have ever wanted to use the wireless Internet at a coffee shop or library, you have probably had to click through a Terms of Service screen with an "I agree" button to do it. These kinds of screens are called captive portals, and they interfere with wireless security without providing many user benefits.
HTTPS sites trigger false-positive "untrusted connection" warnings that train users to ignore them completely, and the presence of a log-in window may lead users to inaccurately believe that wireless networks with captive portals are safer than those without.
For most networks, captive portals don't provide access benefits, they only make users less safe.
EFF’s 2016 Annual Report..
At EFF, we keep very busy. Our past is invariably tangled with the present—long-running court cases that stretch on for years, and hard-won battles that it turns out we have to re-visit. Our 2016 Annual Report includes reflections from several EFF staff members on the work we do, and why we do it. In looking back, we look forward with fresh resolve. We hope you will, too.
EFF Wins Court Ruling Upholding Invalidation of Bad Patent That Threatened Podcasters.
EFF won a court ruling this month affirming that an infamous podcasting patent used by a patent troll to threaten podcasters big and small was properly held invalid by the U.S. Patent and Trademark Office.
A unanimous decision by a three-judge panel of the U.S. Court of Appeals for the Federal Circuit will, for now, keep podcasting safe from this patent.
miniLinks.
YouTube's Crackdown on Extremist Content and ISIS is Also Hurting Researchers and Journalists..
Content censorship on YouTube interferes with the work of professionals trying to document abuses. (Business Insider)
Building America's Trust Act Would Amp Up Privacy Concerns at the Border..
A bill calling for increased use of surveillance technology at U.S. borders elicits concern from privacy advocates. (ArsTechnica)
Palestinian Leader Curbs Social Media Expression in Decree.
.
The Palestinian president imperils free speech in a cryptic mandate. (AP News)
Reproduction of this publication in electronic media is encouraged. MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 724.
9/15/2017.
Defend Our Online Communities: Stop SESTA
A new bill is working its way through Congress that could be disastrous for free speech online. EFF is proud to be part of the coalition fighting back.
The Stop Enabling Sex Traffickers Act (SESTA) would weaken 47 U.S.C. 230 (commonly known as "CDA 230" or simply "Section 230"), which protects Internet intermediaries—individuals, companies, and organizations that provide a platform for others to share speech and content over the Internet. This includes social networks like Facebook, video platforms like YouTube, news sites, blogs, and other websites that allow comments.
SESTA would shift more blame for users' speech to the web platforms themselves, which would likely spur web communities to become much more restrictive in how they patrol and monitor users' contributions.
EFF, ACLU Sue Over Warrantless Phone, Laptop Searches at U.S. Border
EFF and the American Civil Liberties Union sued the Department of Homeland Security this week on behalf of 11 travelers whose smartphones and laptops were searched without warrants at the U.S. border.
The lawsuit challenges the government's fast-growing practice of searching travelers' electronic devices without a warrant, and seeks to establish that the government must have a warrant based on probable cause to suspect a violation of immigration or customs laws before conducting such searches.
EFF Updates
We're Asking the Copyright Office to Protect Your Right to Remix, Study, and Tinker
EFF has filed new petitions with the Copyright Office to give those in the United States protection against legal threats when you take control of your devices and media. We're also seeking broader, better protection for security researchers and video creators against threats from Section 1201 of the Digital Millennium Copyright Act.
DMCA 1201, an unconstitutional law, bans "circumvention" of access controls on copyrighted works—including software—and bans making or distributing tools that circumvent such digital locks. In effect, it lets hardware and software makers, along with major entertainment companies, control how your digital devices are allowed to function and how you can use digital media. It also creates legal risks for security researchers, repair shops, artists, and technology users.
With iOS 11, More Options to Disable Touch ID Means Better Security
Prior to the public release, some vigilant Twitter users using the iOS 11 public beta discovered a new way to quickly disable Touch ID by just tapping the power button five times, an improvement on previously known and relatively clunky methods for disabling Touch ID.
This is good news for users, particularly those who may be in unpredictable situations with physical security concerns that change over time. We call on other manufacturers to follow Apple's lead and implement this kind of design in their own devices.
Judge Cracks Down on LinkedIn’s Shameful Abuse of Computer Break-In Law
A judge recently issued an early ruling against LinkedIn's abuse of the notorious Computer Fraud and Abuse Act (CFAA) to block a competing service from perfectly legal uses of publicly available data on its website. LinkedIn's behavior is just the sort of bad development we expected after the United States Court of Appeals for the Ninth Circuit delivered two dangerously expansive interpretations of the CFAA's ban on "unauthorized access."
We're asking the Supreme Court to step in and provide a clear, unequivocal ruling that using a computer in a way that violates corporate policies, preferences, and expectations cannot be grounds for a CFAA violation.
India’s Supreme Court Upholds Right to Privacy as a Fundamental Right
A recent judgment by the Supreme Court of India endorsed the right to privacy as a fundamental right. Arising from a challenge to India's biometric identity scheme Aadhaar, the judgment clarifies that privacy is intrinsic to human dignity and liberty.
The judgment calls for the government to create a data protection regime that balances safeguarding the privacy of the individual and the legitimate concerns of the state.
Will TPP-11 Nations Escape the Copyright Trap?
Latest reports confirm that the Trans-Pacific Partnership (TPP) is being revived. The agreement had been shelved following the withdrawal of the U.S. from the negotiation process, but those eager to keep the pact alive have rallied support to move forward with the agreement.
A recent statement by New Zealand's Prime Minister suggests that countries favor an approach that seeks to replicate TPP provisions with minimal number of changes. Avoiding renegotiation or opening up of TPP will lead to enactment of its flawed and untested provisions—including the copyright term extension—with far-reaching ramifications on innovation, creativity and culture.
miniLinks
AI Will Soon Identify Protesters With Their Faces Partly Concealed (Motherboard)
Researchers are quickly figuring out how to identify obscured faces, and governments are quickly figuring out how to exploit that.
Virginia Bars Voting Machines Considered Top Hacking Target (Politico)
In an effort to prevent election tampering, Virginia will not use touchscreen voting machines for November’s gubernatorial vote.
Reproduction of this publication in electronic media is encouraged. MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation
Issue 725.
10/6/2017.
No Airport Biometric Surveillance
Facial recognition, fingerprinting, and retina scans—the government could extract all of these and more from travelers at checkpoints throughout domestic airports.
The TSA Modernization Act (S. 1872) would authorize the U.S. Transportation Security Administration and U.S. Customs and Border Protection (CBP) to deploy "biometric technology to identify passengers" throughout our nation's airports, including at "checkpoints, screening lanes, [and] bag drop and boarding areas."
Today, CBP is subjecting travelers on certain outgoing international flights to facial recognition screening. The bill would expand biometric screening to domestic flights as well, and would increase the frequency that a traveler is subjected to biometric screening (not just once per trip).
EFF opposes S. 1872 as well as similarly invasive data collection bills S. 1757 and H.R. 3548., both of which target U.S. borders.
Phish for the Future
"Phish for the Future", an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight for the Future, appears to have been aimed at stealing credentials for various business services including Google, Dropbox, and LinkedIn. We were unable to determine what the secondary goal of the campaign was after the credentials were stolen. The attackers were remarkably persistent, switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time.
Although this phishing campaign does not appear to have been carried out by a nation-state actor and does not involve malware, it serves as an important reminder that civil society is under attack.
It is our recommended best practice to secure all accounts with two-factor authentication so that trusted compromised accounts can't be used in the service of more effective spearphishing attacks.
EFF Updates
No Justification for Spanish Internet Censorship During Catalonian Referendum
The Spanish government censored the Internet with ruthless efficiency before and during the referendum vote on Catalonian independence on October 1.
Examples of overreach include a censorship order blocking current and future referendum-related content publicized on any social network by a member of the Catalonian Government, as well as a court order requiring Google to remove a voting app from the Google Play app store. On the day of the referendum itself, the Internet was shut down at polling places.
The Spanish government's censorship of online speech during the Catalonian referendum period is wildly disproportionate and overbroad.
Will the Equifax Data Breach Finally Spur the Courts to Recognize Data Harms?
This summer 143 million Americans had their most sensitive information breached from Equifax's database. Misuse of this data can lead to financial devastation or, if a criminal uses stolen information to commit fraud, can lead to the breach victim being arrested and prosecuted.
Courts, too narrowly focused on financial losses directly traceable to a breach, too often dismiss lawsuits based on a cramped view of what constitutes "harm." So far, the federal bills being floated in response to the Equifax breach and earlier breaches do not remove the obstacles to victims bringing legal claims.
Google Will Survive SESTA. Your Startup May Not.
In response to the suggestion that members of Congress should consider how SESTA might affect small Internet startups, not just giant companies like Google and Facebook, Sen. Richard Blumenthal's (D-CT) response was "I believe that those outliers—and they are outliers—will be successfully prosecuted, civilly and criminally under this law."
In that unusual moment of candor, Sen. Blumenthal seemed to lay bare his opinions about Internet startups—he thinks of them as unimportant outliers and would prefer that the new law put them out of business.
Internet startups would take the much greater hit from SESTA than large Internet firms would, but ultimately, those most impacted would be users themselves.
Apple Does Right By Users and Advertisers Are Displeased
With the new Safari 11 update, Apple addresses how your browsing habits are tracked and shared with parties other than the sites you visit. In response, Apple is getting criticized by the advertising industry for "destroying the Internet's economic model."
Safari has been blocking third-party cookies by default since releasing Safari 5.1 in 2010. The new Safari update, with Intelligent Tracking Prevention, closes loopholes around third-party cookie-blocking by using machine learning to distinguish the sites a user has a relationship with from those they don't, and treating the cookies differently based on that.
Azure Confidential Computing Heralds the Next Generation of Encryption in the Cloud
The new gold standard for cloud application encryption will soon be the cloud provider never having access to the user's data—not even while performing computations on it.
Microsoft has become the first major cloud provider to offer developers the ability to build their applications on top of Intel's Software Guard Extensions (SGX) technology, making Azure "the first SGX-capable servers in the public cloud." Azure customers in Microsoft's Early Access program can now begin to develop applications with the "confidential computing" technology.
The underlying technology is not yet perfect, but it's efficient enough for practical usage, stops whole classes of attacks, and is available today. Secure enclaves have the potential to be a new frontier in offering users privacy in the cloud.
miniLinks
First Open-Access Data From Large Collider Confirm Subatomic Particle Patterns
For the first time, independent physics researchers have uncovered a new method to explain particle behavior using publicly-available data. (Phys.org)
Challenge to Data Transfer Tool Used by Facebook Will Go to Europe’s Top Court
Due to concerns over the U.S. government's mass surveillance programs, the European Court of Justice is now tasked with determining if EU citizens' privacy rights are sufficiently protected during Facebook data transfers. (TechCrunch)
Reproduction of this publication in electronic media is encouraged. MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage
https://www.eff.org/sites/all/themes.../logo_full.png
Electronic Frontier Foundation.
Issue 726.
Nov 17, 2017.
House Judiciary Committee Forced Into Difficult Compromise on Surveillance Reform.
The House Judiciary Committee on Wednesday approved the USA Liberty Act, a surveillance reform package introduced last month. The bill is seen by many as the best option for reauthorizing and reforming Section 702 of the FISA Amendments Act of 2008, which is set to expire in less than two months.
Some committee members described feeling forced to choose between supporting stronger surveillance reforms or advancing the Liberty Act, and voiced their frustration about provisions that only partly block the warrantless search of Americans’ communications when an amendment with broader surveillance reforms was available. Complicating their deliberations was the fact that the Senate Select Committee on Intelligence has already reported out a bill with far fewer surveillance protections.
EFF Updates.
TSA Plans to Use Face Recognition to Track Americans Through Airports.
The “PreCheck” program is billed as a convenient service to allow U.S. travelers to “speed through security” at airports. However, the latest proposal released by the Transportation Security Administration (TSA) reveals the Department of Homeland Security’s (DHS) greater underlying plan to collect face images and iris scans on a nationwide scale. DHS’s programs will become a massive violation of privacy that could serve as a gateway to the collection of biometric data to identify and track every traveler at every airport and border crossing in the country.
Here’s How Congress Should Respond to the Equifax Breach
In the wake of Equifax's massive breach of 145.5-million Americans' most sensitive information, EFF has some suggestions for Congress to ensure that victims of data breaches like these are compensated fairly when a company is negligent with their sensitive data.
Congress needs to empower an expert agency like the FTC with rule-making authority to set security standards and enforce them. Congress should not preempt state data breach laws, but should establish that credit bureaus have a fiduciary duty to protect our data. People impacted by breaches should have an unwaiveable right to sue companies that are negligent with sensitive data.
Verizon Asks the Federal Communications Commission to Prohibit States from Protecting User Privacy.
After lobbying Congress to repeal consumer privacy protections over ISPs, Verizon wants the Federal Communications Commission (FCC) to do it a favor and preempt states from restoring their privacy rights. After Congress repealed the FCC's previous privacy rule, dozens of state bills were introduced to restore broadband privacy.
It would be unwise for the FCC to attempt to block consumer privacy protections at Verizon's behest, and it would be on shaky legal footing if it tried to do so.
U.S. Federal Court Rejects Global Search Order.
Does Google U.S. have to obey a Canadian court order requiring Google to take down information around the world, ignoring contrary rules in other jurisdictions? According to the Northern District of California in Google v. Equustek, the answer is no.
A court in one country has no business issuing a decision affecting the rights of citizens around the world. The Canadian order set a dangerous precedent that would be followed by others, creating a race to the bottom as courts in countries with far weaker speech protections would feel empowered to effectively edit the Internet.
Do Not Track Implementation Guide Launched.
We recently released the implementation guide for EFF's Do Not Track (DNT) policy. For years users have been able to set a Do Not Track signal in their browser, but there has been little guidance for websites as to how to honor that request. EFF's DNT policy sets out a meaningful response for servers to follow, and the guide provides details about how to apply it in practice.
The guide exists as a Git repository and will evolve. We want your contributions and invite you to use it as a space to share advice on web privacy engineering. If you have suggestions for other DNT-compliant service providers, please submit them.
The guide: https://github.com/EFForg/dnt-guide.
DDoS Guide Relaunch: Keep Your Site Safe from Zombie Attacks.
Keeping Your Site Alive, our guide for keeping your site online amidst a DoS (denial of service) or DDoS (distributed denial of service) attack, now has a new look and new advice. The guide, originally created and updated in conjunction with the Tactical Technology Collective, is aimed at human rights defenders, independent publications, and other administrators of small websites.
The guide: https://www.eff.org/keeping-your-site-alive/.
Epson is Using its eBay “Trusted Status” to Make Competing Ink Sellers Vanish.
Epson claims that generic ink cartridges that are compatible with its printers violate a nonspecific patent in nonspecific ways. Because Epson is part of eBay's VeRo program, through which trusted vendors can have listings removed without anyone checking the validity of the claim, eBay removed many third-party ink sellers' products without any further scrutiny.
The Open Rights Group—whose analysis shows that Epson is acting to hurt the resale market, not to assert patents against the manufacturers that are their competitors—have asked the UK Intellectual Property Office to investigate Epson's business practices.
miniLinks.
Comcast Asks the FCC to Prohibit States from Enforcing Net Neutrality.
Comcast wants FCC Chairman Ajit Pai to block states from enacting their own net neutrality rules. (Ars Technica)
India Begins to Embrace Digital Privacy.
In response to the recent ruling in India that privacy is a fundamental right, tech companies must now shift to more responsible and accountable data collection and retention methods, which Indian courts will enforce through yet-to-be-written data protection laws. (Slate).
Reproduction of this publication in electronic media is encouraged. MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
To read more: View as a webpage.