EFF in the News
This problem is not unique to ProtonMail, says Joseph Bonneau, a technology fellow at the Electronic Frontier Foundation. Apple’s iMessage and the now-encrypted WhatsApp have the same flaw. (Services like TextSecure, Silent Circle, and Threema, on the other hand, allow users to verify fingerprints to assure that they have the proper keys for one another, thus mitigating that threat.)
“The only force strong enough to push back against the carriers, particularly here in the US, is Apple,” said Sina Khanifar, cofounder and adviser at OpenSignal ,and tech fellow at the Electronic Frontier Foundation. “With such a dominating market share, they’re often able to push around carriers, who need Apple devices in order to win subscribers.”
(Khanifar organized the grass-roots campaign that eventually led to Congress passing legislation requiring carriers to unlock phones if certain conditions are met.)
Doctorow, who recently re-joined the Electronic Frontier Foundation (EFF), contextualized the Internet of Things as an information rights struggle that requires an end to patent laws that forbid jailbreaking digital locks. Concordantly, he and the EFF have an ambitious plan: To dismantle the draconian Digital Rights Management (DRM) laws currently protected by the DMCA Section 1201. Doctorow and the EFF seek to counter this oppressive legislation with the Apollo 1201 initiative, by which they will strategically pick cases that can clearly demonstrate Congress violated the Constitution when it passed the Digital Millennium Copyright Act (DMCA) in 1998.
Kit Walsh, a lawyer with the Electronic Frontier Foundation, thinks this is wrong. "Think of crash test dummies," he says. "Those safety tests are relied on by a majority of Americans in deciding what vehicles to trust and to rely upon. And the same kind of analysis should be possible with computers, given the crucial role that they play in controlling safety-critical systems as well as emissions systems."
Walsh says if independent researchers had access to the code in VWs, for instance, they might have detected the cheating software much sooner and revealed that the clean diesel the company touted in a recent TV ad wasn't so clean.
An exemption to the law that would allow researchers and owners to access car software has been fought by the auto industry. And, Walsh says, the industry had an unexpected ally. "We were surprised to see that the EPA wrote in against the exemption, particularly given that the investigation against Volkswagen must have been underway at that point," he says.
For Jillian York, the Director for International Freedom of Expression at the Electronic Frontier Foundation, however, the focus of the new initiative is wrong, given that censorship globally “is largely dwindling,” and countries are more focused on surveillance and going after dissidents “for speech after the fact.”
“Circumvention is a band-aid,” she told Motherboard via Twitter direct message. “While I'm not in favor of government funding for Internet freedom, I'd still rather see it put to better use, or see diplomacy efforts to push countries toward a more open internet.”
For the News app, the end result of that process looks like a boon for consumers according to privacy advocates. “It goes a long way to mitigating the potential risks involved in the type of tracking they’re doing,” said Nate Cardozo, a staff attorney at the Electronic Frontier Foundation.
Squirreled away in something called the Digital Millennium Copyright Act of 1998 is fine print that makes it risky to dig around under the hood of a new car and find out what makes it tick, explains Kit Walsh of the Electronic Frontier Foundation.
“The modern automobile is controlled by about 100 different computers running software created by the automakers or third parties that they contract with,” Walsh said. "And they typically will lock down that software so that you can’t even look at it, let alone modify it as a user."
That's troubling to Andrew Crocker, a staff attorney at the Electronic Frontier Foundation, who has researched the US government’s practice of buying information about software vulnerabilities. Using a Freedom of Information Act request, Mr. Crocker was able to get a copy of the government's Vulnerabilities Equities Process – the guidelines that the government and intelligence services use to acquire and deploy software vulnerabilities.
"It’s an open secret that the government uses vulnerabilities for both offensive and defensive purposes," said Crocker. "And this isn't just vulnerabilities they discover, but those they acquire from other sources."
Crocker said that the practice of buying vulnerabilities from vendors such as Zerodium presents many problems. The least of those is that buying the information has the potential to make governments complicit in allowing software vulnerabilities to fester. And, because nation-states or cybercriminals might discover the same holes, such activity may put the public at risk, he notes.
Hours after activist David Miranda revealed his proposal for the Snowden Treaty, Snowden himself addressed the Electronic Frontier Foundation's 2015 Pioneer Awards ceremony, where he was interviewed by journalist Kashmir Hill about his 2013 disclosures and the way they've changed the world.
"The fact that automakers can assert a DMCA claim against researchers is a deterrent to going in and actually looking at the code to understand what it's doing," said Kit Walsh, a staff attorney at the Electronic Frontier Foundation (EFF).
The EFF, a non-profit digital rights group, has opposed the protections for the auto industry under the DMCA, arguing that vehicle owners and others have the right to inspect the code that runs their vehicles and allow a mechanic of their choice do work on their cars and trucks.