EFF in the News
Nadia Kayyali with the Electronic Frontier Foundation said “there are not a lot of spots left where there’s not some sort of private or public surveillance camera.”
"It sounds like a gold mine for ID thieves," said Jeremy Gillula, staff technologist for the Electronic Frontier Foundation, a civil liberties group focused on technology. "I'm kind of surprised that this information was never compromised."
“No amount of authentication can compensate for insecure hardware and software,” Electronic Frontier Foundation senior staff attorney Lee Tien said. “Plus, we just saw that OPM admitted something like 5.6 million fingerprints were compromised—isn’t biometric authentication wonderful?”
In the taxpayer security situation, “here, I guess the issue is face recognition—but if I can make my phone send a picture of you, is that enough?” he wondered.
“The NSA’s greatest win would be to convince people that privacy doesn’t exist,” says Danny O’Brien, international director of the US-based digital rights campaigners Electronic Frontier Foundation. “Privacy nihilism is the state of believing that: ‘If I’m doing nothing wrong, I have nothing to hide, so it doesn’t matter who’s watching me’.”
This has had an unintended effect of creating what O’Brien describes as “unintentional honeypots” of data that tempt those who want to snoop, be it malicious hackers, other corporations or states. In the past, corporations protected this data from hackers who might try to get credit card numbers (or similar) to carry out theft. However, these “honeypot” operators have realised that while they were always subject to the laws and courts of various countries, they are now also protecting their data from state security agencies. This largely came to light following the alleged hacking of Google’s Gmail by China. Edward Snowden’s revelations about the United States’ NSA and the UK’s GCHQ further proved the extent to which states were carrying out not just targeted snooping, but also mass surveillance on their own and foreign citizens.
“What we've sometimes seen is that if a company fails, their patents may be sold off in order to get money for creditors,” Vera Ranieri, a patent law staff lawyer for the Electronic Frontier Foundation, wrote me in an email. “Oftentimes the patents are sold to non-practicing entities that intend to use the patents to sue for infringement.”
"The Open Internet Order wouldn't reach this conduct because neither Cisco nor Apple are providing mass market broadband service in this scenario," said Electronic Frontier Foundation attorney Kit Walsh in an email.
But if there's no obvious copyright and memes are prolific, it raises questions about when it's OK for people to use them online, in publications, and in advertising. According to Parker Higgins, the Electronic Frontier Foundation's director of copyright activism, there's no real concrete answer.
The ad using Brosh's artwork is straightforward, Higgins says, because it's from a well-known artist who has copyrighted her work. For other meme creators, though, it might be different.
"So we don’t have, in terms of display images or display ads like this, we don’t have any kind of compulsory license," Higgins said. "You get to choose whether or not you license it out. And if you don’t get a license, then either you’re making it fair use, or you don’t get to use it."
Jacob Hoffman-Andrews, a staff technologist at the Electronic Frontier Foundation who has been working on the Encrypt The Web initiative, told me.
STARTTLS is not a panacea. Internet service providers, and anyone who controls the network’s backbone—as some governments do—can remove the encryption with man-in-the-middle attacks by stripping the “STARTTLS flag” used to request encryption to the server. In these cases, servers are usually programmed to proceed without encryption.
Yet Hoffman-Andrews said STARTTLS is “an important first step.” For Soghoian, the ACLU technologist, it’s “cybersecurity and foreign intelligence 101.”
Privacy campaigners see the advisory board’s recent progress as an unambiguous victory. “I think it shows that the conversation around the DAC was not a one-time thing,” said Nadia Kayyali, an activist with the Electronic Frontier Foundation, a civil liberties organization, in a phone interview before the vote. “There’s growing concern about this technology in all forms.”
"It seems like they have a lot of offerings but a lot of other certificate authorities have similar offerings," said William Budington, a software engineer for the Electronic Frontier Foundation.
EFF is working with Mozilla, Cisco, the makers of Wordpress and others to offer a free TLS certificates at LetsEncrypt.org. It, too, wants better security online with easier SSL installation.
"It's a laborious process (to install). It's not very straightforward even for folks who are technically apt," Budington said. "We want to make encryption as the default on the Web, not the exception."