EFF submitted an amicus letter to the California Supreme Court urging the justices to review a case that has significant implications for the free speech rights of anonymous online speakers under California law.

2014 has seen a flurry of events surrounding the issues of privacy and security when it comes to mobile devices. Here are some highlights.

EFF started the year by releasing HTTPS Everywhere on Firefox for Android. Before, HTTPS Everywhere could only protect web browsing on desktop platforms, but with the release of HTTPS Everywhere for Firefox for Android, that same protection became available for Android devices as well.

EFF was suing the NSA before it was cool. We filed our first lawsuit against the NSA for mass spying in 2008, after the NSA butted into our lawsuit against AT&T for helping the NSA do mass spying.  We’ve also been doing Freedom of Information lawsuits trying to ensure you know what the NSA is up to for many years before that.  But when it comes to fighting unconstitutional spying, the more the merrier. And 2014 was awfully merry: litigation challenging NSA surveillance moved forward in multiple cases, giving the government plenty of time to demonstrate exactly how outrageous its arguments in defense of mass spying are.

DNA can reveal an extraordinary amount of private information about you, including familial relationships, medical history, predisposition for disease, and possibly even behavioral tendencies and sexual orientation.

This past year, EFF has been on the road, traveling from country to country across Latin America to share our message of freedom to local partners and friends. While we enjoyed the opportunity to talk about our lawsuits against the NSA, as well as the dangers of location tracking and biometric data collection practices, the best part of the trip was learning about all the inspiring advocacy happening everyday on the local level.

We first stopped in Mexico, where we met local advocates and security researchers who courageously fought against the country's newest data retention law. (For those who are not familiar, last year the Mexican government approved a law compelling telecom providers to retain, for two years, the details of who communicates with whom, for how long, and from where. It also allows authorities access to these details without a court order, exposing geolocation information to reveal the physical whereabouts of Mexicans).

Dear smartphone users: great news. We’re launching our first-ever EFF mobile app. This app will tell you when there are breaking issues related to digital rights that need your help. You'll get a quick notification and be able to one-click connect to the EFF action center to speak out and help us fight for freedom online.

Install on Android

EFF is stunned and deeply saddened by the attack on Charlie Hebdo, a French satirical newspaper. As free speech advocates, we mourn the use of violence against individuals who used creativity and free expression to engage in cultural and political criticism. Murder is the ultimate form of censorship.

The Sony hack is beginning to leave its mark on lawmakers in Washington, DC. Right before leaving for their winter vacation, politicians touted cybersecurity bills as the silver bullet to stopping future Sony-like hacks. The specific cybersecurity bills don't focus on advancing research and development, but on the sharing of computer threat information between the public and private sector. What these lawmakers neglect to tell the public is that the bills wouldn't have solved the Sony hack and that companies can already share information concerning computer threats.

Information Sharing would not Have Stopped the Sony Attack

Normally when you buy a product that has a hidden defect, consumer protection law in your state or country comes to the rescue. For example, if you purchase a product—say, a book—it comes with an implicit promise that it will be fit for the ordinary purposes that books are used for, such as allowing you to read it, quote from it, lend it to others, summarize it on your blog, and donate or recycle it when you're done.

If the book can't be used in these common-sense ways, and you weren't warned about that before handing over your money, consumer protection laws will generally give you the right to a remedy such as a refund of what you paid.

PEN America published a report this week summarizing the findings from a recent survey of 772 writers around the world on questions of surveillance and self-censorship. The report, entitled "Global Chilling: The Impact of Mass Surveillance on International Writers," builds upon a late 2013 survey of more than 500 US-based writers conducted by the organization.

The latest survey found that writers living in liberal democratic countries "have begun to engage in self-censorship at levels approaching those seen in non-democratic countries, indicating that mass surveillance has badly shaken writers' faith that democratic governments will respect their rights to privacy and freedom of expression, and that—because of pervasive surveillance—writers are concerned that expressing certain views even privately or researching certain topics may lead to negative consequences."

Despite the fact that there is no conclusive evidence that camera surveillance is an effective  deterrent against crime, the movement towards a pervasive surveillance state continues in many Latin American countries. Surveillance technologies such as drones are gaining popularity, raising significant concerns for privacy and civil liberties.

Drones Across The Continent

More needs to be done to protect cyberspace and enhance computer security. But President Obama's cybersecurity legislative proposal recycles old ideas that should remain where they've been since May 2011: on the shelf. Introducing information sharing proposals with broad liability protections, increasing penalties under the already draconian Computer Fraud and Abuse Act, and potentially decreasing the protections granted to consumers under state data breach law are both unnecessary and unwelcome.

Information Sharing

One year ago today, a federal appellate court struck down a set of rules, crafted by the Federal Communications Commission (FCC), that were supposed to protect the open internet.  That ruling, ironically enough and only after a huge effort from Internet users, may have finally set the FCC on the path toward new, better, and legally sustainable neutrality rules.  To stay on that path, though, we need your help.

Update 2014-01-16: Turn announced today they will suspend their zombie cookie program by early February, but left open the possibility to resume in the future. We ask that they end the program permanently.

Verizon advertising partner Turn has been caught using Verizon Wireless's UIDH tracking header to resurrect deleted tracking cookies and share them with dozens of major websites and ad networks, forming a vast web of non-consensual online tracking. Explosive research from Stanford security expert Jonathan Mayer shows that, as we warned in November, Verizon's UIDH header is being used as an undeletable perma-cookie that makes it impossible for customers to meaningfully control their online privacy.

Mayer's research, described in ProPublica, shows that advertising network and Verizon partner Turn is using the UIDH header value to re-identify and re-cookie users who have taken careful steps to clear their cookies for privacy purposes. This contradicts standard browser privacy controls, users' expectations, and Verizon's own claims that the UIDH header won't be used to track users because it changes periodically.

Research from Stanford's Jonathan Mayer and ProPublica has shown that Verizon's undeleteable UIDH mobile tracking header is being used by advertising and tracking company Turn.com to respawn deleted cookies. The only complete protection from being tracked by Verizon's injected headers is to follow the advice in Verizon's privacy policy, and not use their product at all:

If you do not want information to be collected for marketing purposes from services such as the Verizon Wireless Mobile Internet services, you should not use those particular services.

The Obama Administration is on a roll with proposing legislation that endangers our privacy and security. Over the course of two days, President Obama proposed a cybersecurity bill that looks awfully similar to the now infamous CISPA (with respect to information sharing), a computer crime bill that is the opposite of our own proposed computer crime reform, and a data breach law weaker than the current status quo. All three of the bills are recycled ideas that have failed in Congress since their introduction in 2011. They should stay on the shelf.

Zombie Bill Dead in 2013, Stumbles from the Grave in 2015

Riseup, a tech collective that provides security-minded communications to activists worldwide, sounded the alarm last month when a judge in Spain stated that the use of their email service is a practice, he believes, associated with terrorism.

Riseup, un colectivo tecnológico que proporciona comunicación segura a activistas de todo el mundo, dio la voz de alarma el mes pasado cuando un juez en España declaró que el uso de su servicio de correo electrónico era una práctica, según él, asociada con el terrorismo.

We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of the law, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation.

From phones to cars to refrigerators to farm equipment, software is helping our stuff work better and smarter. But those features come at a high hidden cost: the rapid erosion of ownership. Why does that matter? Because when it comes to digital products, owners have rights. Renters on the other hand, have only permission.

The Associated Press reports that healthcare.gov–the flagship site of the Affordable Care Act, where millions of Americans have signed up to receive health care–is quietly sending personal health information to a number of third party websites. The information being sent includes one's zip code, income level, smoking status, pregnancy status and more.

Last year, we identified European copyright reform as one of the main developments to watch for in 2015, and barely a month into the year this debate is already heating up. Coinciding with the release of a draft European Parliament report written by Julia Reda, Member of the European Parliament for the German Pirate Party, Copyright for Creativity (C4C) have also released their own new Copyright Manifesto this week.

Policy makers intending to promote creativity have always overemphasized the importance of "copyright protection" without addressing the wide range of other concerns that are necessary to consider when making comprehensive innovation policy. In an era where everyone, with the use of their computer or mobile device, can easily be a consumer, creator, and a critic of art, we can not afford to ignore this digital ecosystem of artistry and innovation. Yet copyright remains completely out of touch with the reality of most creators today, while the rules that do pass seem to stray even further from addressing their needs.

U.S. District Judge Sam A. Lindsay sentenced Barrett Brown this morning to 63 months in federal prison, minus the 31 months he has already served to date. He was also ordered to pay $890,000 in restitution. EFF is disappointed to see that Brown wasn’t released today, after having spent nearly three years in prison on charges stemming from his work as an independent journalist.