EFF in the News
Chelsea Manning's helpers write, "Citing potential copyright infringement, the Army censored materials on prison censorship from the Electronic Frontier Foundation that were sent to Chelsea by one of her volunteers."
Shahid Buttar, Director of Grassroots advocacy at the Electronic Frontier Foundation
Susan Hennessey, fellow in national security in governance at the Brookings Institution and a former attorney in the Office of General Counsel of the National Security Agency; she also is managing editor of the LawFare Blog, which focuses on national security issues
Several years ago, Joseph Bonneau, a Stanford post-doctoral researcher and a technology fellow with the Electronic Frontier Foundation, obtained samples of password frequency from Yahoo. He was able to publish some aggregate statistics, but Yahoo wouldn't let him publicly share the raw data because of potential privacy concerns.
"Here was this data that was incredibly useful to people like me, but we couldn't get access to it," Blocki said.
So Blocki, Datta and Bonneau created a new algorithm to add just enough distortion to the frequency lists to make them useless to hackers, but still enable researchers to see the high-level patterns they seek in the data.
Their algorithm is based on a powerful differentially private tool called the exponential mechanism, which introduces minimal distortion but is not computationally efficient in general. By exploiting the inherent mathematical structure of a password frequency list, the researchers were able to develop a computationally efficient version of the exponential mechanism tailored to the lists.
"With our new approach, we can provide precise guarantees about privacy," Bonneau said. "I hope this convinces more organizations to share data publicly about passwords and potentially other data that might be useful for security."
The FBI's order to Apple to help them figure out the password of San Bernardino shooter Syed Farook's iPhone is "unprecedented and dangerous," said Nate Cardozo of the Electronic Frontier Foundation. But refusing to hack into users' phones is something Apple's Tim Cook openly talked about at Stanford University in 2015.
“They don't even really care about the data on this particular phone (as evidenced by the facts that this is the suspect's work phone — he destroyed his personal phones — and that they're conducting this litigation in public rather than under seal). They chose this particular set of facts to create a precedent,” Nate Cardozo, staff attorney for Electronic Frontier Foundation, wrote via e-mail.
Jennifer Lynch, senior staff attorney for the Electronic Frontier Foundation, points out that electronic databases of personal information can pose significant risks to security, even those run by government agencies.
"Just last year, we had this huge hack at the Office of Personnel Management databases, which was all the very sensitive and private information of federal employees and government contractors, including their biometrics," Lynch said. "Databases are being hacked all the time, and that’s a huge threat to privacy and security. Because of course if it’s a biometric, you can’t change your biometric. It can be faked and used by someone else. Security researchers have shown that multiple times."
- Benjamin Wittes, senior fellow in Governance Studies and co-director of the Harvard Law School-Brookings Project on Law and Security
- Laura Sydell, digital culture correspondent, NPR
- Nate Cardozo, attorney, Electronic Frontier Foundation
The government invoking the All Writs Act could set, in Cook's words, a "dangerous precedent" down the line. That's because "coding is not burdensome," the government says, according to Andrew Crocker, a staff attorney at the Electronic Frontier Foundation.
"There is no magic key that only good guys can use and bad guys cannot," said Cindy Cohn, executive director of the Electronic Frontier Foundation, a digital civil liberties organization.
"Any vulnerability Apple is forced to create in its phones can and will be exploited by criminals making all less secure," Cohn said. "This is really a question of security versus surveillance."
Yet privacy advocates say the equation changes when such photographic documentation is done not once, or even dozens of times, but rather hundreds of millions of times, and stored into a searchable database that can potentially be combined with other personal information. “When you know where somebody travels, you can learn quite a lot about their lives,” said Jennifer Lynch, an attorney for the Electronic Frontier Foundation.