Even if your student doesn't use a Chromebook, they may have a Google Apps for Education (GAFE) account, which is essentially a Google account provided by the school. GAFE accounts can be accessed from any browser, and the privacy settings affect your student regardless of which browser they use to log in to GAFE. In order to maximize your child's privacy, we advise changing the settings below.

If your child's school issued them a Chromebook, be sure to also check out our Guide to Chromebook Privacy Settings for Students.

A Case Study of a California Father Fighting His Daughter’s School District Over Digital Privacy

Katherine W. was seven years old, in the third grade, when her teacher first issued Google Chromebooks to the class.

Katherine’s father, Jeff, was concerned. It wasn’t because he had a problem with technology. In fact, Jeff and his family are technology enthusiasts. “We bought a house in this area primarily because of the school district. And one of the things that excited us about the school was the use of technology,” Jeff explained during a recent interview with EFF.

That enthusiasm waned when the school retired its former laptops and brought in Chromebooks for the students instead, also assigning each third grader a profile in Google Apps for Education, Google’s cloud-based education suite. Chromebooks may have been cheaper, but Jeff feared they might come at the cost of his daughter’s privacy.

Following the Senate’s September hearing, the House Judiciary Committee today held a hearing on reforming the Electronic Communications Privacy Act, the federal law that regulates government access to private communications records stored by online service providers.

Congress is considering a pair of identical bills that would create a warrant requirement for any government entity that seeks personal content stored in the cloud: the Senate version is the Electronic Communications Privacy Act Amendments Act (S. 356) while the House calls theirs the Email Privacy Act (H.R. 699).

Many media reports on (as well as at least one response to) the FTC complaint we submitted yesterday about Google’s violation of the Student Privacy Pledge have focused heavily on one issue—Google’s use of Chrome Sync data for non-educational purposes. This is an important part of our complaint, but we want to clarify that Google has other practices which we are just as concerned about, if not more so.

Today marks a major milestone for the encrypted Web. Let's Encrypt, the free and automated certificate authority, has entered Public Beta. That means it's easier than ever for websites to adopt HTTPS encryption. A huge percentage of the world's daily Internet usage currently takes place over unecrypted HTTP, exposing people to illegal surveillance and injection of unwanted ads, malware, and tracking headers into the websites they visit. EFF's Encrypt the Web project aims to fix that, and Let's Encrypt—a collaboration with Mozilla, the University of Michigan, Cisco, Akamai and many other sponsoring organizations—should be a huge step forward.

The FBI recently opened beta testing of eFOIA, a new online system for filing and tracking requests for records under the Freedom of Information Act (FOIA). On first glance, the project seems like a noble effort to streamline transparency in an agency that is notoriously slow and resistant to releasing public information.

But there’s one feature that we would like to see treated as a bug and excised from the new system: mandatory submission of government-issued identification.

The United States Court of Appeals for the Second Circuit issued an opinion rejecting the government’s attempt to hold an employee criminally liable under the federal hacking statute—the Computer Fraud and Abuse Act (“CFAA”)—for violating his employer-imposed computer use restrictions. The decision is important because it ensures that employers and website owners don’t have the power to criminalize a broad range of innocuous everyday behaviors, like checking personal email or the score of a baseball game, through simply adopting use restrictions in their corporate policies or terms of use.

The court also ruled that the government cannot hold people criminally liable on the basis of purely fantastical statements they make online—i.e., thoughtcrime.  

This week, we launched the Power Up Your Donation campaign. For the next few days, donations to EFF through the campaign will be matched by challenge grants from passionate digital rights advocates. Donate today and double your impact on securing networks and devices, stopping illegal government surveillance, fighting censorship, protecting the freedom to tinker, and more!

The Internet is a diverse ecosystem of private and public stakeholders. By excluding a large sector of communities—like security researchers, artists, libraries, and user rights groups—trade negotiators skewed the priorities of the Trans-Pacific Partnership (TPP) towards major tech companies and copyright industries that have a strong interest in maintaining and expanding their monopolies of digital services and content. Negotiated in secret for several years with overwhelming influence from powerful multinational corporate interests, it's no wonder that its provisions do little to nothing to protect our rights online or our autonomy over our own devices. For example, everything in the TPP that increases corporate rights and interests is binding, whereas every provision that is meant to protect the public interest is non-binding and is susceptible to get bulldozed by efforts to protect corporations.

Real Encryption Means Encryption Without Compromises.

Updated 12/9/15

It’s a showdown over encryption, and we need your voice.

The Obama administration just responded to the 104,109 people who asked the president to stand up for strong encryption. The response—penned by Deputy U.S. Chief Technology Officer Ed Felten and Special Assistant to the President and Cybersecurity Coordinator Michael Daniel—acknowledged the importance of the conversation but offered no conclusions. Instead, they asked us to share our thoughts on encryption.

That means we need the help of Internet users worldwide who care about security. You can tell the Obama administration exactly what you think about the importance of encryption by filling out this form.

It’s been a bad few weeks for the people of Bangladesh, made worse by the ham-handed internet censorship of its government. Their decision to block some online messaging services was a disproportionate and unnecessary attempt to silence all speech on a slapdash list of messenger applications.

In an unusually direct attack on online privacy and free speech, the ruling regime of Kazakhstan appears to have mandated the country's telecommunications operators to intercept citizens' Internet traffic using a government-issued certificate starting on January 1, 2016. The press release announcing the new measure was published last week by Kazakhtelecom JSC, the nation's largest telecommunications company, but appears to have been taken down days later—the link above comes courtesy of the Internet Archive, which never forgets. It is unclear whether the retracted press release indicates that Kazakhstan's ruling regime has abandoned the plan in response to widespread criticism, or is simply planning to carry it out at some later date, once attention has died down.

One of the basic tenets of a civilized society is that the punishment should be proportionate with the crime. What essentially amounts to vandalism should not result in even the remote possibility of a 25-year jail sentence. But that very possibility is on the table in the government’s case against journalist Matthew Keys, whose sentencing hearing is about one month off. The case is an illustration of prosecutorial discretion run amok—and once again shows why reform of the federal anti-hacking statute, the Computer Fraud and Abuse Act (CFAA), is long overdue.

In the public battle for strong encryption, EFF has championed the voice of everyday Internet users. After all, if we can’t rely on the security of our digital communications, how can the Web continue to grow and thrive?

Now the fight has moved to the Oval Office. EFF, Access Now, over a dozen nonprofits and tech companies, and over 100,0000 concerned Internet users joined forces to ask President Obama to stand up for uncompromised encryption. 

We definitely got his attention.

Copyright Lawsuits Won’t Stop People from Sharing Research

In principle, everyone in the world should have access to the same body of knowledge. The UN Declaration of Human Rights says that everyone deserves the right “to share in scientific advancement and its benefits.”

The reality is a bit messier. Institutional subscriptions to academic databases don’t cover every article someone would ever need. When scholars and professors find a reference to an article that they don’t have access to, they’ll often turn to less orthodox approaches: asking for the paper on Twitter or Facebook, emailing a friend at another institution, or even asking the author directly. For a lot of people, research amounts to a patchwork of sources culled together through authorized and unauthorized methods.

The language in the Trans-Pacific Partnership (TPP) on Internet Service Provider (ISP) liability—which governs the legal liability of Internet intermediaries and platforms for communications of their users—resides in an annex in the trade agreement's Intellectual Property chapter and was one of the most contentious parts of its copyright enforcement rules. This is because the United States was pushing to export a version of the liability regime that exists under its Digital Millennium Copyright Act (DMCA), which has been notoriously problematic in facilitating the censorship of online content through bogus copyright claims.

Today Public Knowledge, Engine, and EFF filed an amicus brief in the Supreme Court about patent damages. This guest post is by former EFF apprentice legal intern Charles Duan, now the Director of Public Knowledge’s Patent Reform Project. It is cross-posted from Public Knowledge’s blog.

Today, House leadership released text of the 2016 "Omnibus package." The legislative package is supposed to deal exclusively with funding the federal government through 2016; however, leadership also managed to include a dangerous cybersecurity "information sharing" bill. The cybersecurity bill is a combination of three bad cybersecurity bills passed by Congress this year: two pieces of legislation in the House and another--called the Cybersecurity Information Sharing Act (CISA)--in the Senate.

In response to feedback from activist groups, including the Electronic Frontier Foundation, Facebook announced Tuesday that it would change some aspects of its real names policy. As it currently stands, the policy requires users to register what Facebook calls their “authentic identity,”—or how friends and family know them—in order to use the social network. The policy also allows users to report other users registered under alias names and gives Facebook the ability to suspend any accounts where the identity of a user is found to be “fraudulent.” This abuse system has been used to silence a broad range of users, from drag queens to Vietnamese pro-democracy activists.

We were disappointed today to learn that a federal appeals court in Pasadena declined to consider EFF’s appeal of a ruling in Jewel v. NSA, our long-running lawsuit battling unconstitutional mass surveillance of Internet and phone communications. While we are disappointed that government’s stall tactics prevailed here, the case still lives on. We look forward to litigating back in the lower court, making it clear that Internet backbone spying is unconstitutional.

All too often, new police surveillance tools are initially applied to only the “worst of the worst” and then slowly—but surely—expanded to include an ever-growing number of less culpable individuals. We’ve seen it with DNA collection. And now we’re starting to see it with GPS tracking. That’s why last week EFF filed an amicus brief with the United States Court of Appeal for the Seventh Circuit urging the court to strike down a Wisconsin statute that required certain individuals—including individuals who already fully served their criminal sentences—to wear GPS ankle bracelets every day for the rest of their lives.

Getting a patent demand letter from a troll can be a scary experience. The letters often include a lot of legal jargon, not to mention a patent that is often impenetrable (at least, not without hiring an expensive lawyer to translate it for you).

But suppose you are concerned that the patent may impact your business. After trying to reach an agreement with the patent owner and failing, you may be told by your lawyer that the next step is to go to court.

Unfortunately, thanks to a 1998 court case, you often can’t go to your local courthouse and get things figured out. Instead, you may be forced to go to a courthouse across the country, in a small corner of a state that you have little to no connection to.

Earlier this fall, EFF and MIT co-hosted the Freedom to Innovate Summit, bringing together student researchers from around the country to discuss threats to research and how universities can better support students. Video from several sessions recently became available online.

The Summit featured several noteworthy speakers, including students who had been forced to confront overzealous law enforcement authorities and prosecutors. One whose story gripped participants was former MIT Electrical Engineering and Computer Science student Star Simpson.

In recent years, the stock photo industry has sent out thousands of boiler plate demand letters asking Internet users to pay for photos that appear on blogs and other websites. In many cases, the industry appears to be leveraging the threat of litigation to extract settlements well beyond any actual harm. At other times, these demand letters have carelessly targeted licensed uses and fair uses. Today EFF is helping a website owner respond to an improper attack on fair use by License Compliance Services, Inc. (LCS).