Deeplinks
If there's anything creepier than a drone flying up to your home and peering through your window, it's the thought of your technology—your cellphone, laptop camera, car radio, or even an implanted medical device—being turned on you for an even more intimate view of your private life. But the reaction last week to a drunken government intelligence agent borrowing his buddy's drone and crashing it into the White House lawn is a reminder that shortsighted solutions to the first problem could exacerbate the second.
As the White House reacted to the drone crash with a call for more regulation, the manufacturer of the downed quadcopter announced it would push a firmware update to all its units in the field, permanently preventing those drones from taking off or flying within 25km of downtown Washington DC.
"Warrant canary" is a colloquial term for a regularly published statement that an internet service provider (ISP) has not received legal process that it would be prohibited from saying it had received, such as a national security letter. The term "warrant canary" is a reference to the canaries used to provide warnings in coalmines, which would become sick from carbon monoxide poisoning before the miners would—warning of the otherwise-invisible danger. Just like canaries in a coalmine, the canaries on web pages “die” when they are exposed to something toxic—like a secret FISA court order.
Here’s something that merits a lot of reddit gold.
On Thursday, reddit published its first-ever transparency report covering all of 2014. It’s a summary of all the legal requests to take down content from the site as well as all government attempts to access reddit’s user data.
Lots of companies publish transparency reports, but not all of them do a good job. We took some time to look at exactly what reddit’s report included and found a whole bunch of stuff that impressed us. Here’s an overview of why you might be equally thrilled with the report.
Between all the Super Bowl football action yesterday, one commercial seemed to have caught a lot of people's attention: to promote its smallest SUV, Jeep showed images of it all over the country, then the world, to the tune of Woody Guthrie's "This Land Is Your Land."
One reason people are discussing it is because appearing in a commercial would seem to run against the late Guthrie's values. Would Guthrie have ever allowed the song to be licensed to Jeep, and for a Super Bowl commercial?
Verizon told the New York Times on Friday that it plans to begin allowing its customers to opt out of its privacy-invasive header injection program. For customers that are aware of the Verizon program and visit the opt-out page, this means they will soon be able to protect themselves against privacy circumvention like Turn's zombie cookie.
Once again, bad facts are making bad law – but it’s not too late to change that. EFF, together with the Organization for Transformative Works, has filed an amicus brief in Davis v. Electronic Arts. This case is the latest in a series of rulings where courts have opened the door to censorship by persons depicted in creative works. We are asking the Ninth Circuit to reverse a dangerous decision that allows the so-called right of publicity to trump free speech.
with assistance from Rainey Reitman.
A year ago, President Obama made tepid promises to reform the NSA (check out our analysis of those commitments). Today, he followed up with more specifics.
What do you need to know? His reform plan:
Security shouldn’t be a synonym for giving up civil liberties. But bills like HR 399 show that lawmakers think it is. The Secure Our Borders First Act is an ugly piece of legislation that’s clearly intended to strongarm the Department of Homeland Security into dealing with the border in a very particular way—with drones and other surveillance technology.
A pair of bills aimed at reforming the Electronic Communications Privacy Act (ECPA) were introduced in the United States Congress today. The bills, championed by Senators Leahy (D-Vt.) and Lee (R-Utah) and Representatives Yoder (R-Ks.) and Polis (D-Co.) focus on clarifying that the government must obtain a warrant before looking at email and other private online messages. EFF strongly supports this common sense reform.
And we're not the only ones. The bills are being supported by a strong bipartisan coalition with over 220 cosponsors in the House.
Well done, Team Internet. After a year of intense activism, we may have finally convinced the Federal Communications Commission to change course and craft clear, bright-line rules to protect the open internet, based on legal authority that will actually survive the inevitable legal challenge.
The Privacy and Civil Liberties Oversight Board (PCLOB) exists to ensure that national security does not trump privacy and civil liberties, and it has been especially busy since the publication of the first Snowden leak. Congress and the President asked the Board to review the use of Section 215 of the PATRIOT Act and Section 702 of the FISA Amendments Act, as well as the operations of the Foreign Intelligence Surveillance Court. In 2014, PCLOB published two reports addressing these issues. And last week, the Board published a “Recommendations Assessment Report [pdf].”
Section 215 Recommendations
This is the year for patent reform.
Today Rep. Bob Goodlatte, chairman of the House Judiciary Committee, reintroduced the Innovation Act—the strongest bill targeting patent trolls we've seen [PDF]. The language mirrors the legislation that the House overwhelmingly passed and the White House supported in late 2013.
Unfortunately, 2014 began with the Senate's failure to pass strong patent reform. Even more unfortunately, the year ended with numbers showing that patent trolling is still a rampant problem.
Following EFF’s victory in a four-year Freedom of Information Act lawsuit, the government released an opinion (pdf), written by the Office of Legal Counsel (OLC) in 2010, that concluded that Section 215—the provision of the Patriot Act the NSA relies on to collect millions of Americans’ phone records—does have a limit: census data.
EFF defends rights in the digital world. But what about when the digital world enables violations of human rights? We think that’s important, too. That’s why we filed an amicus brief in In Re: South African Apartheid, a case that seeks to hold IBM's headquarters in New York responsible for purposefully facilitating apartheid, by creating a computerized national ID system that the South African government used to strip the country’s black population of its rights as citizens.
As we point out in our brief:
France’s misguided efforts to grapple with hate speech—which is already prohibited by French law—have been making headlines for years. In 2012, after an horrific attack on a Jewish school, then-president Nicolas Sarkozy proposed criminal penalties for anyone visiting websites that contain hate speech. An anti-terror law passed in December imposes greater penalties on those that “glorify terrorism” online (as opposed to offline), and allows websites engaging in the promotion of terrorism to be blocked with little oversight.
Last week, Google announced that its YouTube service would default to using HTML5 video instead of Flash. Once upon a time, this would have been cause for celebration: after all, Flash is a proprietary technology owned by one company, a frequent source of critical vulnerabilities that expose hundreds of millions of Internet users to attacks on their computers and all that they protect, and Flash objects can only be reliably accessed via closed software, and not from free/open code that anyone can inspect.
With more than 38 million people and some of the largest technology companies in the world calling California home, the Golden State should be a leader in safeguarding electronic privacy. For years the state’s constitution has provided greater privacy protection than the Fourth Amendment. But when it comes to electronic privacy, the state has lagged behind, even as other states, such as Texas and Maine, have passed legislation to protect everything from the contents of email to the detailed location information generated by our phones.
Not anymore.
From the same agency that brought you the Trans-Pacific Partnership (TPP)—the United States Trade Representative (USTR)—comes a lesser-known, but also insidious global intellectual property gambit: the Special 301 Report. The Special 301 Report is a survey conducted under the auspices of the Trade Act and has been issued every year since 1989. The USTR, like a malevolent Santa Claus, assesses whether the other countries of the world have been naughty or nice in their treatment of U.S. intellectual property holders, and raps them over the knuckles if they don't come up to scruff.
When you buy a video game, you expect to be able to play it for as long as you want. You expect to be able to play it with your kids many years from now if you want (well, maybe not Grand Theft Auto). And you would hope that museums and media historians could preserve the games that were so important to your childhood. But unfortunately, the Digital Millennium Copyright Act’s anti-circumvention provisions (17 U.S.C. § 1201, or Section 1201) create legal risks for players who want to keep playing after game servers shut down, and curators who want to preserve games for posterity. That’s why I’m spearheading an effort to win legal protection for game enthusiasts and preservationists who want to keep abandoned games alive by running multiplayer servers or eliminating authentication mechanisms.
Update, February 11: Last night, the Public Safety Committee, led by Councilmember Desley Brooks, "approved in concept the work that has been done so far" by the Ad Hoc Privacy Policy Committee. The Public Safety Committee indicated that it felt small changes were needed, but their response was overall positive. The policy and additional recommendations will be posted online in order to give the public a chance to comment, and will be in front of the Public Safety Committee at the first meeting in April.
President Obama recently announced slight changes to NSA data collection practices. The recent tweaks mean two new privacy protections for those that U.S. law considers foreigners (in this case, people who are outside of the United States borders who are neither U.S. citizens nor legal U.S. residents).
Perhaps you’re thinking Obama is using his executive authority to stop the mass surveillance of all Internet traffic of people worldwide? Nope, not quite. The new protections are:
Judge White of the Northern District of California just issued an order granting the government's motion for partial summary judgment in Jewel v. NSA, EFF's longest-running case challenging mass spying.
EFF will keep fighting the unlawful, unconstitutional surveillance of ordinary Americans by the U.S. government. Today's ruling in Jewel v. NSA was not a declaration that NSA spying is legal. The judge decided instead that "state secrets" prevented him from ruling whether the program is constitutional.
What do Japan's Blue Sky Library, Malaysia's answer to John Wayne, and the first recorded composer from New Zealand, all have in common? They could all disappear from their countries' public domain for the next 20 years, if the current agreement on copyright term extension in the Trans-Pacific Partnership (TPP) holds.
As the devices in our homes get "smarter," are they also going to spy on us? That question has led to one sentence in Samsung's SmartTV privacy policy getting a lot of attention lately:
Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.
The comparisons to 1984's two-way "telescreens" are straightforward. This kind of language suggests that while you're watching TV, Big Brother may be watching (or listening to) you. Samsung has taken to its blog for an explanation and edited the policy, but that has not assuaged everybody's concerns.
Yesterday marked a frustrating juncture in EFF’s long-running lawsuit against mass surveillance, Jewel v. NSA, filed on behalf of AT&T customers whose communications and telephone records are being vacuumed by the National Security Agency.
A federal court in San Francisco sided with the U.S. Department of Justice, ruling that the plaintiffs could not win a significant portion of the case—a Fourth Amendment challenge to the NSA’s tapping of the Internet backbone—without disclosure of classified information that would harm national security. In other words, Judge Jeffrey White found that “state secrets” can trump the judicial process and held that EFF’s clients could not prove they have standing.
In June 2015, the U.N.'s free speech watchdog, David Kaye, intends to present a new report on anonymity and encryption before the 47 Member States of the Geneva-based Human Rights Council. Yesterday, EFF filed comments urging Mr. Kaye to reaffirm the freedom to use encryption technology and to protect the right to speak, access and read information anonymously. Mr. Kaye’s report could be one of the most significant opportunities to strengthen our fundamental freedoms in the digital age at the international level.
In June 2015, the United Nations' freedom of expression watchdog, David Kaye, will present a new report on anonymity and encryption to the 47 Member States of the Geneva-based Human Rights Council. Yesterday, EFF submitted a report urging Mr. Kaye to reaffirm the freedom to use encryption technology and to protect the right to speak, access and read information anonymously. Mr. Kaye’s report could be one of the most important opportunities to strengthen our fundamental freedoms in the digital age at the international level.
In the South Carolina prison system, accessing Facebook is an offense on par with murder, rape, rioting, escape and hostage-taking.
This week the Obama administration is releasing its second Executive Order in as many years on computer ("cyber") security, which reports are saying will create a new department in the intelligence community to handle computer security threat information sharing. Officials are hailing the center as "new" and unprecedented.
The Trans-Pacific Partnership agreement (TPP) poses massive threats to users in a dizzying number of ways. It will force other TPP signatories to accept the United States' excessive copyright terms of a minimum of life of the author plus 70 years, while locking the US to the same lengths so it will be harder to shorten them in the future. It contains DRM anti-circumvention provisions that will make it a crime to tinker with, hack, re-sell, preserve, and otherwise control any number of digital files and devices that you own.
Twitter has released a new transparency report. The company—which scored five stars in our latest “Who Has Your Back?” report—blogged about the release, writing that “[p]roviding this insight is simply the right thing to do, especially in an age of increasing concerns about government surveillance.” More than thirty Internet companies now publish transparency reports.
Western economic sanctions aimed at Russia have had a disproportionately negative effect on Crimea's IT industry, writes Sergey Kozlovsky. The sanctions, imposed after Russia's annexation of Ukraine's Crimea region, have forced Visa and MasterCard to remove support for bank cards in the region, Apple to block apps from Crimean iOS users, and Google to cut off access to the Play store and to AdSense and AdWords accounts. The effect of sanctions on users and developers of technology often harms the very people they're intended to help.
Last week, we received some welcome news: the Federal Communications Commission (FCC) publicly confirmed that it is finally going to put its open internet rules on the right legal footing by reclassifying broadband providers as common carriers. That said, the goal was never just reclassification; that’s just an essential step for open internet rules to survive the inevitable court challenge. The real goal, though, has always been for the FCC to adopt targeted rules of the road for broadband. Will it?
That’s still hard to know, because the FCC has been pretty quiet, at least publicly, on the details of the final rules that will be put to a vote on February 26. Here are some thoughts on what we know so far – and what we’d like to know.
Here at EFF we rely heavily on freely licensed software to run our websites, organization, and activism campaigns. Unlike proprietary software that restricts users from tinkering with the programs they run, free software carries with it the ability to modify, study, share, and improve a program's source code. From a security standpoint, software freedom is a necessary precursor to security and privacy because nonfree programs make it difficult or impossible to inspect and verify the programs running on a machine. Without the freedom to fix security holes and share these changes with others, nonfree software leaves computer users to fend for themselves.
What do drag queens, burlesque performers, human rights activists in Vietnam and Syria, and Native Americans have in common? They have all been the targets of "real names" enforcement on Facebook. And despite reports from the media last year that seemed to indicate that Facebook has "fixed" the issue, they’re still being targeted.
The account suspension of Lakota woman Dana Lone Hill got some media attention earlier this week. Lone Hill has had a very similar experience to other users who’ve been booted off the site for name policy violations—with one important difference.
EFF has joined seventy human rights and free speech organizations in calling on the Syrian government to release Mazen Darwish, Hani Al-Zitani and Hussein Ghrer, three free speech activists who were arrested on February 16, 2012 in a raid on the offices of the Syrian Center for Media and Freedom of Expression (SCM). Darwish is a journalist and the director of the SCM while Al-Zitani and Ghrer are both staff members. Ghrer is also a long-time blogger. The three men are also the subject of a campaign from Free Syria's Silenced Voices.
The letter is published below in its entirety.
Fighting against the sanctions regime for the right to information and innovation can sometimes feel like a cat and mouse game, but today, citizens of Sudan are like the cats that got the cream. After years of campaigning from Sudanese and international activists alike, a success: The Office of Foreign Assets Controls (OFAC) at the US Department of Treasury has issued a general license for the export of hardware and software “incident to personal communications” to Sudan.
Patent trolls are still at it. A new report from Unified Patents found that 449 patent cases were filed in district court in January 2015—a 36% increase over January 2014. The growth was fueled largely by patent trolls, who filed more than half of the month’s cases. This marks the second month in a row where we have seen an increase in patent litigation from the same period a year ago.
News broke last night that Lenovo has been shipping laptops with a horrifically dangerous piece of software called Superfish, which tampers with Windows' cryptographic security to perform man-in-the-middle attacks against the user's browsing. This is done in order to inject advertising into secure HTTPS pages, a feature most users don't want implemented in the most insecure possible way.
Over the weekend Russian IT security vendor Kaspersky Lab released a report about a new family of malware dubbed "The Equation Family". The software appears, from Kaspersky's description, to be some of the most advanced malware ever seen. It is composed of several different pieces of software, which Kaspersky Lab reports work together and have been infecting computer users around the world for over a decade. It appears that specific techniques and exploits developed by the Equation Group were later used by the authors of Stuxnet, Flame, and Regin.
Anyone interested in privacy and security should think twice about their cell phone dependence right now. That’s because today, The Intercept revealed that British spy agency GCHQ led successful efforts to hack into the internal networks of Gemalto, “the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications” made on the world’s largest telecommunications carriers, including “AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.”
In other words, for millions or even billions of users around the world, global cellular communications are about as secure from GCHQ and NSA as an FM radio broadcast.
Here’s how it works. As The Intercept explains:
We recently learned that PC manufacturer Lenovo is selling computers preinstalled with a dangerous piece of software, called Superfish, that uses a man-in-the-middle attack to break Windows' encrypted Web connections for the sake of advertising. (Here's a list of affected products.) Research from EFF's Decentralized SSL Observatory has seen many thousands of Superfish certificates that have all been signed with the same root certificate, showing that HTTPS security for at least Internet Explorer, Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken.
Want to know if GCHQ spied on you? Now you can find out. Privacy International (PI) has just launched a website that lets anyone find out if their communications were intercepted by the NSA and then shared with GCHQ.
The website is the result of a February 6 ruling by the Investigatory Powers Tribunal (IPT). Similar to the Foreign Intelligence Surveillance Court in the US, the IPT is a special court in the UK established by the Regulation of Investigatory Powers Act (RIPA) that deals with issues of surveillance and human rights.
The mainstream media has paid a lot more attention to abuse and harassment on Twitter lately, including a recent story by Lindy West on This American Life about her experience confronting an especially vitriolic troll. She isn’t alone—and it appears that for the company at least, the number of Twitter users speaking out about harassment has reached critical mass. In an internal memo obtained by The Verge earlier this month, Twitter CEO Dick Costolo acknowledged Twitter's troubled history with harassment, writing:
CITIZENFOUR, Laura Poitras' riveting documentary about Edward Snowden's efforts to shed light on gross surveillance abuses by the United States government and its partners, just won the 2014 Academy Award for Best Documentary Feature. Tonight's Oscar win recognizes not only the incredible cinematography of Poitras, but also her daring work with a high-stakes whistleblower and the journalism that kick-started a worldwide debate about surveillance and government transparency. We suspect this award was also, as the New York Times pointed out, "a way for Academy members to make something of a political statement, without having to put their own reputations on the line."
Laura Poitras won an Academy Award for her documentary CITIZENFOUR. At the ceremony, she gave a brief speech thanking everyone who helped make the film as well as acknowledging the bravery of Edward Snowden and other whistleblowers.
Here is Poitras' acceptance speech:
We didn't know how much copyright maximalists longed for the Trans-Pacific Partnership (TPP) agreement—until we saw this creepy "open love letter" to the TPP from one of the biggest, most powerful copyright lobby groups, the Global Intellectual Property Center. We couldn't have made this up if we tried. Here's one part of it:
You know, dear TPP, that I will drop to one knee and say “I do” for gold—no, diamond—standards for intellectual property. My creative and innovative talents need your protection. Without trade agreements like you, it would be a long, hard journey to jumpstart our economies.
For many months, EFF has been working with a broad coalition of advocates to persuade the Federal Communications Commission to adopt new Open Internet rules that would survive legal scrutiny and actually help protect the Open Internet. Our message has been clear from the beginning: the FCC has a role to play, but its role must be firmly bounded.
Copyright policy is not something that should be rushed into without adequate evidence and consultation. Yet since only last December, the Australian government has sent stakeholders scrambling to develop a new code of practice on copyright that could change the lay of the land for the Internet industry for decades to come. The code is designed to force ISPs to adopt new “reasonable measures” to deter copyright infringement—measures that the Australian High Court had earlier decided that they were under no obligation to adopt.